auditd log bypass

log bypass

Open tititototutu opened this issue 1 year ago • 1 comments

Hello,

Thank you very much for your work!

A Log bypass is possible by executing the binary flagged with "ld-linux.so".

/usr/bin/dpkg # This is logged
/lib64/ld-linux-x86-64.so.2 /usr/bin/dpkg # Not logged

Jul 15 '24 20:07 tititototutu