Steve Grubb <sgrubb@xxxxxxxxxx> writes:

>> What else, besides selinux, is using auditd in Fedora right now or in
>> the immediate future? (Since we're a distribution we don't count
>> theoretical use cases I hope...)
>
> The audit logs are the collection point for all security relevant
> events from

that's a big problem with auditd: it supports only local logging and
logfiles on compromised machines are worthless...

As 'auditd' "removes" log messages like AVC errors from normal log
sources they are not visible for syslog anymore. Hence, it's better to
disable auditd and read the raw data on the remote syslog server.

Enrico
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list