Sanity Check on Audit
postmaster at ronno.nl
postmaster at ronno.nl
Thu Feb 6 14:51:09 UTC 2014
Paul,
For "Anyone" it wouldn't be a problem, but a root user is allowed to do anything.
So a root is always be able to stop a process on the system.
Think of a solution to lock ssh access (sshd_config) for everyone, but you.
And even this is no 100% solution.
Regards
Ron de Kuijer
________________________________________
From: redhat-list-bounces at redhat.com [redhat-list-bounces at redhat.com] On Behalf Of Paul Whitney [paul.whitney at mac.com]
Sent: Thursday, February 06, 2014 15:22
To: General Red Hat Linux discussion list
Subject: Sanity Check on Audit
I am configuring our auditing service to send logs through rsyslog. While tinkering around, I was able to stop and start auditing from the command line as the root user. Is there a way to prevent anyone including root from stopping the audit service unless system is rebooted into single user mode?
Thanks,
Paul M. Whitney
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list