Re: Fwd: Re: Fw: Audit records for start/stop auditd
linux-audit-bounces(a)redhat.com wrote on 04/06/2005 08:54:10 AM:
I wonder if we should have another audit message type AUDIT_TERM.
Then in
the
above function, do an if statement on SIGTERM or SIGKILL and send
the
AUDIT_TERM message type. The message needs to be easily interpreted as
the
audit system is being terminated.
The current records are type DAEMON, and the messages state, "auditd start"
and "auditd normal halt", so as far as administrator information, it is
already clear what has happened.
Attachments:
- attachment.html (text/html — 649 bytes)