Re: audit on Fedora Core 5

On Thu, 23 Mar 2006 08:42:46 EST, John D. Ramsdell said: Make the business case for it. What percent of users need/want Emacs? What percent of users need/want audit? (Hint - I'll bet there at least an order of magnitude, possibly two entire orders, more OpenOffice users than Emacs users). If they aren't *asking* for it, what features do the packages provide that make it worth the added overhead? (Let 'yum' suck down a copy of an emacs-sized RPM over a less-than-blazing net connection sometime, and you'll understand the desire to minimize the number of things installed by default). In particular, I can make the case that audit should *not* be installed by default on any box that has SELinux enabled by default - if auditd isn't running, then SELinux AVC messages will end up in the syslog where most people expect to find them, in a format that they can use grep and similar to deal with. If auditd is running, suddenly those messages are in their own file in /var/log/audit/, and they need to learn about ausearch and friends.....