On Thu, Jul 14, 2022 at 3:01 PM Lenny Bruzenak <le...@magitekltd.com> wrote: > On 7/14/22 11:53, Stephen Smalley wrote: > > Hi, > > > > Is it possible to exclude a script from triggering audit records? > > I know that one can exclude an executable via -a never,exit -F > > exe=/path/to/exe but I haven't been able to find a way to do the same > > for a script. > > Also, is there a way to have the exclusion applied to all child > > processes spawned by the script? > > So - the way I've done this is to set policy for the script to run in a > certain unique type, then exclude that subj_type. > > For child processes, if they are spawned with the parent context you are > set, otherwise I'm sure macros exist to accommodate that and you would > be more familiar with those than me.
Agree with Lenny, I can't think of anything better. -- paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
