Does anyone know the number of audit rules that can be installed on a system before having to traverse the list of rules on every syscall starts to take a noticeable amount of time? I'm assuming no rules that generate excessive logs, so nothing like '-a exit,always -S execve' or '-a exit,always -S open'.
Cheers, peter -- Peter Moody Google 1.650.253.7306 Security Engineer pgp:0xC3410038 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
