On Tuesday 20 October 2009 10:07:30 am corentin.labbe wrote: > This is a patch that add a -u parameter to auditd.
That would perhaps change a bunch of things in auditd file permissions. > This parameter permit to auditd to drop to an unprivilegied UID after > initialization. Have you checked to see if these things still work: * service auditd rotate, and do you get a DAEMON_ROTATE record filled in? * service auditd reload, and do you get a DAEMON_RECONFIG record filled in? * service auditd stop, and do you get a DAEMON_END record filled in? * If you increase the priority in auditd.conf and run service auditd reload, does it work? *Does space_left_action still work for email, single, and halt options? * Can you still change tcp_listen_port to another privileged port and service auditd reload? * What about the kerberos options? Just curious if these scenarios were checked. :) -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
