On Thu, Aug 24, 2023 at 9:47 AM Tetsuo Handa
<penguin-kernel(a)i-love.sakura.ne.jp> wrote:
> On 2023/08/24 22:39, Tetsuo Handa wrote:
> >>> (1) Catch _all_ process creations (both via fork()/clone() system calls and
> >>> kthread_create() from the kernel), and duplicate the history upon process
> >>> creation.
> >>
> >> Create an audit filter rule to record the syscalls you are interested
> >> in logging.
> >
> > I can't interpret what you are talking about. Please show me using command line.
>
> I'm not interested in logging the syscalls just for maintaining process history
> information.

That's unfortunate because I'm not interested in merging your patch
when we already have an audit log which can be used to trace process
history information.
--
paul-moore.com
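
The audit-log approach mentioned in the thread, as an added example that is not part of the original messages or of any patch discussed: it rebuilds a process's ancestry and exec history from SYSCALL records. The rule in the comment, the key name `proc_history`, and the sample records are constructed assumptions for an x86_64 host.

```python
import re

# Assumed rule that would produce records like SAMPLE (key name is hypothetical):
#   auditctl -a always,exit -F arch=b64 \
#     -S fork,vfork,clone,clone3,execve,execveat -k proc_history
# Constructed sample records, not taken from the thread.
SAMPLE = """\
type=SYSCALL msg=audit(1692884801.100:201): arch=c000003e syscall=56 success=yes exit=4100 ppid=1 pid=900 comm="sshd" exe="/usr/sbin/sshd" key="proc_history"
type=SYSCALL msg=audit(1692884801.120:202): arch=c000003e syscall=59 success=yes exit=0 ppid=900 pid=4100 comm="bash" exe="/usr/bin/bash" key="proc_history"
type=SYSCALL msg=audit(1692884805.300:203): arch=c000003e syscall=56 success=yes exit=4177 ppid=900 pid=4100 comm="bash" exe="/usr/bin/bash" key="proc_history"
type=SYSCALL msg=audit(1692884805.310:204): arch=c000003e syscall=59 success=yes exit=0 ppid=4100 pid=4177 comm="curl" exe="/usr/bin/curl" key="proc_history"
type=SYSCALL msg=audit(1692884806.000:205): arch=c000003e syscall=59 success=no exit=-2 ppid=4100 pid=4180 comm="bash" exe="/usr/bin/bash" key="proc_history"
"""

CREATE = {"56", "57", "58", "435"}  # clone, fork, vfork, clone3 on x86_64
EXEC = {"59", "322"}                # execve, execveat on x86_64

def parse(line):
    """Split one audit record into a field dict, unquoting quoted values."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def build_history(log):
    """Return (parent, execs): child pid -> parent pid, pid -> exec'd images."""
    parent, execs = {}, {}
    for line in log.splitlines():
        r = parse(line)
        if r.get("type") != "SYSCALL" or r.get("success") != "yes":
            continue  # failed calls created or executed nothing
        parent.setdefault(r["pid"], r["ppid"])
        if r["syscall"] in CREATE:
            # On success the caller's return value is the new task's id.
            # Caveat: with CLONE_THREAD this is a thread id, and pids can be
            # reused over time, so real tooling must also key on timestamps.
            parent[r["exit"]] = r["pid"]
        elif r["syscall"] in EXEC:
            execs.setdefault(r["pid"], []).append(r["exe"])
    return parent, execs

def history(pid, parent, execs):
    """Walk from pid up to the oldest known ancestor; oldest entry first."""
    chain, seen = [], set()
    while pid not in seen:
        seen.add(pid)
        chain.append((pid, execs.get(pid, [])))
        if pid not in parent:
            break
        pid = parent[pid]
    return chain[::-1]

if __name__ == "__main__":
    for pid, images in history("4177", *build_history(SAMPLE)):
        print(pid, images)
```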