On Mon, 2004-12-20 at 18:24, Browder, Tom wrote: > I joined, and took a look. With the audit tools, and audit=1, do I need > to keep SELinux turned on? Not if all you want is auditing. But note that you'll have to set up audit filters via auditctl to audit what you want, vs. using SELinux policy to enable auditing on particular objects. There is ongoing work to add support for object-based auditing in the audit framework as well, as noted on the linux-audit list. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency