Identify whether the kernel version supports Path based exclusion

Casey Schaufler casey at schaufler-ca.com
Tue Jan 10 14:55:21 UTC 2023


On 1/10/2023 4:08 AM, Anurag Aggarwal wrote:
> Hello All,
>
> I need a method to identify whether the auditd version a kernel is
> running supports path based exclusions.

% cat /sys/kernel/security/lsm

This will tell you what security modules are in use. Check whether
any of the modules that use path based controls (AppArmor, TOMOYO)
are in the list.

>
> One option would be to use audit_add_rule_data to add a temporary path
> based rule and check if it is successful, but this won't work when
> auditd is running in immutable mode.
>
>
> Any other way which does not require checking versions of Kernel or
> Distribution?
>
> -- 
> Anurag Aggarwal
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://listman.redhat.com/mailman/listinfo/linux-audit
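
The check suggested in the reply above, as an added shell example that is not part of the original thread: it splits the comma-separated list in /sys/kernel/security/lsm into whole module names and reports whether AppArmor or TOMOYO is among them. The function name `path_based_lsms` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): look for the path-based LSMs named
# in the reply (AppArmor, TOMOYO) in the kernel's active LSM list.

# path_based_lsms [FILE]
#   FILE defaults to /sys/kernel/security/lsm; an alternate path can be
#   passed for testing with a constructed list.
#   Prints the matching module names, space separated.
#   Returns 0 if at least one was found, 1 if none, 2 if FILE is unreadable
#   (for example, securityfs is not mounted).
path_based_lsms() {
    lsm_file="${1:-/sys/kernel/security/lsm}"
    [ -r "$lsm_file" ] || return 2

    found=""
    # The list is one comma-separated line. Compare whole names rather
    # than grepping for a substring, so an unrelated module whose name
    # merely contains "apparmor" or "tomoyo" is not counted.
    for name in $(tr ',' ' ' < "$lsm_file"); do
        case "$name" in
            apparmor|tomoyo) found="${found:+$found }$name" ;;
        esac
    done

    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Usage: path_based_lsms && echo "a path-based LSM is in use"
```

This only reads securityfs, so it also works when the audit rules are locked in immutable mode.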


