audit-userspace
Linux audit userspace repository
Re-alloc on field array overflow. Not a linked list as it's slower than the array.
Add support for action "exec" for max_log_file_action, similar to the space_left_action action "exec". Then there will be more powerful extended processing capabilities. Currently max_log_file_action in auditd.conf has the valid values below: "ignore", "...
These seem to have been introduced in a patchset "LSM: Module stacking for AppArmor" () that has not been merged upstream yet.
If config file has, for example: max_log_file = 0 # or unset max_log_file_action = ROTATE # or KEEP_LOGS num_logs = 100 auditd will rotate the logs with a single event...
I'm experiencing [this same bug](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010289) when building on arch, too.
Hello! audit 3.0.8, glibc 2.31. The first configuration: localhost ~ # grep -e num_logs -e max_log_file -e max_log_file_action /etc/audit/auditd.conf num_logs = 10 max_log_file = 100 max_log_file_action = ROTATE There are...
auditd.service has the following line: `RefuseManualStop=yes` It makes `systemctl stop auditd` not work, but `systemctl kill auditd` still works. It is not good to force users to stop the daemon...
LOGIN records were not grouped with the rest of their event, records with the identical timestamp and serial number: ---- time->Tue Mar 19 12:23:15 2019 type=LOGIN msg=audit(1553012595.401:219): pid=647 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023...
When using audit to monitor file operations (take rename as an example), the file path information reported by audit is about this: ``` len[357], node=liuch-PC type=SYSCALL msg=audit(1639712415.637:6250463): arch=c000003e syscall=316 success=yes...
The testing was done only on riscv64 using Fedora 29 w/ kernel 4.19.0-rc8. To my knowledge there are no Linux distributions planning to support riscv32. Note, there is no COMPAT...