Identify whether the kernel version supports Path based exclusion
Anurag Aggarwal
anurag19aggarwal at gmail.com
Tue Jan 10 12:08:12 UTC 2023
Hello All,
I need a method to identify whether the audid version a kernel is running
supports path based exclusions.
One option would be to use audit_add_rule_data to add a temporary path
based rule and check if it is successful, but this won't work when auditd
is running in immutable mode.
Any other way which does not require checking versions of Kernel or
Distribution?
--
Anurag Aggarwal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20230110/241ea3f7/attachment.htm>
More information about the Linux-audit
mailing list