Hello Steve,
> Can you confirm that two processes opening netlink sockets for audit
> information get the same messages?
Only one audit pid is allowed for security purposes.
Damn security. I saw that patch while googling, and hoped it wasn't merged,
but seems it was.
I don't really understand why it is helping security, if I need to kill auditd
before I can open the netlink socket. For both I need root rights.
There isn't any SELinux in play, is there?
Because if that were the case, we could e.g. only open the netlink socket with
the auditd binary. That would be effective, and configuration we could then
change.
But probably pointless to waste your time on this, given how little I
understand security. I just can't resist, feels like a bike-shed and really
annoying limitation for our non-security interested system. :-)
Best regards,
Kay Hayen