auditd conditional logging flexibility

Greets,

auditd doesn't seem to support the type of flexibility I'm looking for in terms of filters. I'd like to log system calls based upon PID or path based upon /proc/self/exe, e.g. /usr/sbin/sshd. This is primarily due to log volume. Is what I'm looking for possible? Or done better another way?

A related question is about the "task" directive. On a given PID or path as described above, does "task" only log artifacts related to the PID or path and its descendants? I'm not sure if I'm reading the auditd docs correctly.

Thanks.

Sean
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
