On Tuesday 20 February 2007 16:29:25 Matthew Booth wrote:
> I needed a way to exclude a very large class of audit traffic [1] in
> RHEL 4. It occurred to me that if I could launch a process and give it
> the auid of a dedicated user, I could easily filter it out along with
> all child processes. With this in mind I wrote the attached simple
> wrapper round the audit_setloginuid. It sets its own auid to whatever
> you give it, then execs a command.

In general, I don't like the theory that this operates under. It could be
abused and then the audit trail coerced. Could you not achieve this by making
the apps set gid and filtering on the group?

-Steve
