Paul, For "Anyone" it wouldn't be a problem, but a root user is allowed to do anything. So a root is always be able to stop a process on the system. Think of a solution to lock ssh access (sshd_config) for everyone, but you. And even this is no 100% solution. Regards Ron de Kuijer ________________________________________ From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx] On Behalf Of Paul Whitney [paul.whitney@xxxxxxx] Sent: Thursday, February 06, 2014 15:22 To: General Red Hat Linux discussion list Subject: Sanity Check on Audit I am configuring our auditing service to send logs through rsyslog. While tinkering around, I was able to stop and start auditing from the command line as the root user. Is there a way to prevent anyone including root from stopping the audit service unless system is rebooted into single user mode? Thanks, Paul M. Whitney -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
