I'm currently testing auditd with rules for setuid or setgid binaries on the system.
I currently maintain the list via find, pushing the results to an audit.rules file. I'm hoping there's a cleaner way, perhaps by triggering on the appropriate syscall -- but have not discovered it. Is there an easier method?

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
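The find-based approach described in the message above, written out as an added example (not code from the original post). The function name `gen_priv_rules`, the rule key `privileged`, and the default auid threshold of 1000 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit one auditd rule per setuid/setgid file under a directory.
# Assumptions (not from the post): key "privileged", default auid threshold 1000.

gen_priv_rules() {
    root="${1:-/}"          # where to search
    min_auid="${2:-1000}"   # lowest login uid treated as a real user

    # -xdev keeps find on one filesystem; match files with setuid OR setgid set.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    LC_ALL=C sort |
    while IFS= read -r path; do
        case "$path" in
            *[[:space:]]*)
                # Conservative choice: leave odd paths for manual review.
                printf '%s\n' "# review manually (whitespace in path): $path"
                continue
                ;;
        esac
        # Log every execution of the binary by a logged-in user.
        # 4294967295 is the "unset" login uid (daemons, boot-time processes).
        printf '%s\n' "-a always,exit -F path=$path -F perm=x -F auid>=$min_auid -F auid!=4294967295 -k privileged"
    done
}

# Typical use: regenerate the rule file, diff it against the previous run,
# then load it once the differences have been reviewed.
#   gen_priv_rules / 1000 > privileged.rules
```

Sorting the output keeps successive runs diffable, so a newly appearing setuid or setgid file shows up as a one-line change in the generated rules.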
