Re: Identify whether the kernel version supports Path based exclusion

Tuesday, 10 January 2023

On 1/10/2023 4:08 AM, Anurag Aggarwal wrote:
...
 Hello All,

 I need a method to identify whether the audid version a kernel is
 running supports path based exclusions. 
% cat /sys/kernel/security/lsm

This will tell you what security modules are in use. Check whether
any of the modules that use path based controls (AppArmor, TOMOYO)
are in the list.

...

 One option would be to use audit_add_rule_data to add a temporary path
 based rule and check if it is successful, but this won't work when
 auditd is running in immutable mode.

 Any other way which does not require checking versions of Kernel or
 Distribution?

 -- 
 Anurag Aggarwal

 --
 Linux-audit mailing list
 Linux-audit(a)redhat.com
 https://listman.redhat.com/mailman/listinfo/linux-audit 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: Identify whether the kernel version supports Path based exclusion