On 09/05/16 at 21:07, intrigeri wrote:
> Hi,

Hey,

> in Debian, the convention for many log files is to make them readable
> by members of the adm group. We're considering doing the same for the
> auditd logs, in order to make apparmor-notify work out-of-the-box.

Shouldn't apparmor-notify use audispd to get the events instead of
parsing the logs directly?

I'm not objecting to changing the permissions in Debian, but I'm wondering
if it wouldn't be better to do it like that. I think that
setroubleshoot (a SELinux troubleshooting service used in RHEL/Fedora)
is doing it like that.

Cheers,
Laurent Bigonville
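
As an added illustration of the audispd approach suggested above (not code from this thread or from apparmor-notify): a plugin-style reader that takes audit records on stdin, as audispd delivers them to a plugin in string format, and keeps only AppArmor denials. The function names and the sample records are constructed for this example.

```python
import io
import re
import sys

# Record header, with the optional node= prefix added when name_format is set.
_HEADER = re.compile(
    r'^(?:node=\S+ )?type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
# key=value or key="quoted value" pairs in the record body.
_FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample records (not taken from a real system).
SAMPLE = '''\
type=AVC msg=audit(1462821234.123:456): apparmor="DENIED" operation="open" profile="/usr/bin/example" name="/etc/example.conf" pid=1234 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=SYSCALL msg=audit(1462821234.123:456): arch=c000003e syscall=2 success=no exit=-13 pid=1234 comm="example"
node=host1 type=AVC msg=audit(1462821240.001:460): apparmor="ALLOWED" operation="open" profile="/usr/bin/example" name="/tmp/x" pid=1234 comm="example"
node=host1 type=AVC msg=audit(1462821250.500:470): apparmor="DENIED" operation="exec" profile="/usr/bin/example" name="/bin/dash" pid=1240 comm="example" requested_mask="x" denied_mask="x"
'''


def parse_record(line):
    """Return a dict for one audit record line, or None if it is not one."""
    m = _HEADER.match(line.strip())
    if not m:
        return None
    rec_type, ts, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in _FIELD.findall(body)}
    fields.update(type=rec_type, timestamp=float(ts), serial=int(serial))
    return fields


def apparmor_denials(stream):
    """Yield AppArmor DENIED events from a stream of audit records."""
    for line in stream:
        rec = parse_record(line)
        if rec and rec["type"] == "AVC" and rec.get("apparmor") == "DENIED":
            yield rec


if __name__ == "__main__":
    # Run as a plugin: audispd writes events to stdin, so no read access
    # to the audit log file itself is needed by this process.
    for ev in apparmor_denials(sys.stdin):
        print("%s denied %s on %s (profile %s)" % (
            ev.get("comm"), ev.get("operation"),
            ev.get("name"), ev.get("profile")))
```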