On Tue, 29 Apr 2008 13:34:20 +0800, chuli said:
> Hi,
> I've tried option "-n" of auditd, but I don't understand what's
> the meaning of this option?
> Is it used for single-user mode of inittab?

It's probably usable for all runlevels, if you're using inittab to (re)start
auditd. If you don't use it, what will happen is that auditd will do the
traditional double-fork-to-daemonize, init will notice the parent has exited,
and if inittab says 'respawn', will fork/exec another auditd, which will
double-fork, and in a few seconds you've fork-bombed the system into a
smoking crater...
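
Added example, not part of the original reply: a shell check that reads inittab-format text and reports every `respawn` entry that starts auditd without `-n`, the combination described above. The sample entries, the `/sbin/auditd` path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample inittab content (not from the original thread).
# Format: id:runlevels:action:process
sample_inittab() {
    cat <<'EOF'
# id:runlevels:action:process
id:3:initdefault:
au1:2345:respawn:/sbin/auditd
au2:2345:respawn:/sbin/auditd -n
au3:2345:once:/sbin/auditd
sy:2345:respawn:/sbin/syslogd -n
EOF
}

# Hypothetical helper: print the id of every respawn entry that launches
# auditd without -n. Reads inittab-format text on stdin.
find_forking_auditd() {
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and short lines
        $3 != "respawn"      { next }      # only respawn entries are at risk
        {
            cmd = $4                        # process field may contain ":"
            for (i = 5; i <= NF; i++) cmd = cmd ":" $i
            n = split(cmd, argv, " ")       # split on runs of whitespace
            if (n == 0) next
            prog = argv[1]
            sub(/^\+/, "", prog)            # sysvinit "+" prefix (no utmp/wtmp)
            sub(/^.*\//, "", prog)          # reduce to basename
            if (prog != "auditd") next
            nofork = 0
            for (i = 2; i <= n; i++) if (argv[i] == "-n") nofork = 1
            if (!nofork) print $1           # daemonizing auditd under respawn
        }
    '
}

# Run against the constructed sample; on a real system pipe in /etc/inittab.
sample_inittab | find_forking_auditd
```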