Excluding a script / process and its descendants from audit
Lenny Bruzenak
lenny at magitekltd.com
Thu Jul 14 19:00:47 UTC 2022
On 7/14/22 11:53, Stephen Smalley wrote:
> Hi,
>
> Is it possible to exclude a script from triggering audit records?
> I know that one can exclude an executable via -a never,exit -F
> exe=/path/to/exe but I haven't been able to find a way to do the same
> for a script.
> Also, is there a way to have the exclusion applied to all child
> processes spawned by the script?
So - the way I've done this is to set policy for the script to run in a
certain unique type, then exclude that subj_type.
For child processes, if they are spawned with the parent context you are
set, otherwise I'm sure macros exist to accommodate that and you would
be more familiar with those than me.
HTH,
LCB
--
Lenny Bruzenak
MagitekLTD
More information about the Linux-audit
mailing list