We want to use Linux audit type SERVICE_START/STOP for our application
running as service.
But I am not able to find example on how to use auditctl to define the
rule. It seems to me that
all the examples are of rules defined for system_calls. Questions:
1. Can I use audit type SERVICE_START/STOP for my application runs as
service? or would it
be considered as type USR_CMD?
2. How do I use auditctl to define rule for SERVICE_START/STOP? Can you
direct/point me
to URL/documentation where it is documented?
Thanks.
Gisela Cheng
[email protected]
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
