Sanity Check on Audit
Harry Hoffman
hhoffman at ip-solutions.net
Thu Feb 6 14:22:42 UTC 2014
paul,
you might be able to write a custom selinux policy to disallow this
action but i imagine it would be pretty complex.
maybe it's better to just report on when the process isn't running?
cheers,
harry
On 02/06/2014 09:22 AM, Paul Whitney wrote:
> I am configuring our auditing service to send logs through rsyslog.
> While tinkering around, I was able to stop and start auditing from the
> command line as the root user. Is there a way to prevent anyone
> including root from stopping the audit service unless system is rebooted
> into single user mode?
>
> Thanks,
> Paul M. Whitney
>
>
>
>
More information about the redhat-list
mailing list