On Monday, May 09, 2016 09:07:11 PM intrigeri wrote:
> in Debian, the convention for many log files is to make them readable
> by members of the adm group. We're considering doing the same for the
> auditd logs, in order to make apparmor-notify work out-of-the-box.
> The maintainer of auditd in Debian would like to know what's your take
> on it. What kind of problem could be created if we did that?

I can't think of any problems. Just set the log_group = adm in auditd.conf and
fix up the packaging to have that as the group owner. Auditd should create the
logs with 0640 permissions.
-Steve
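
One way to verify the outcome described in the reply above, as an added example that is not part of the original thread or of the audit package: it reads `log_group` and `log_file` from an auditd.conf-style file and checks that the log is group-owned accordingly with mode 0640. The helper names `conf_get` and `check_audit_log` are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): check that the audit log on disk
# matches the log_group setting. Helper names are hypothetical.

# Print the value of a "key = value" setting from an auditd.conf-style file.
conf_get() {
    # $1 = config file, $2 = key (matched case-insensitively)
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (tolower(k) == tolower(key)) {
                v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v)
                val = v                          # last occurrence wins
            }
        }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 if log_file is group-owned by log_group and has mode 0640,
# 1 on a mismatch, 2 if the settings or the log file cannot be found.
check_audit_log() {
    conf=$1
    want_group=$(conf_get "$conf" log_group)
    log=$(conf_get "$conf" log_file)
    [ -n "$want_group" ] || { echo "log_group not set in $conf"; return 2; }
    [ -n "$log" ] && [ -e "$log" ] || { echo "log_file missing: $log"; return 2; }

    have_group=$(stat -c %G "$log")   # GNU stat assumed
    have_mode=$(stat -c %a "$log")
    rc=0
    if [ "$have_group" != "$want_group" ]; then
        echo "group mismatch: $log is $have_group, config says $want_group"; rc=1
    fi
    if [ "$have_mode" != "640" ]; then
        echo "mode mismatch: $log is $have_mode, expected 640"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "ok: $log is $have_group 0640"; fi
    return "$rc"
}

# Run the check when a config path is given on the command line.
if [ "$#" -gt 0 ]; then check_audit_log "$1"; fi
```

Reading the real log requires sufficient privileges; the check can also be pointed at a copy of the configuration that names a test log file.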