On 1/10/2023 4:08 AM, Anurag Aggarwal wrote:
> Hello All,
>
> I need a method to identify whether the auditd version a kernel is
> running supports path based exclusions.

% cat /sys/kernel/security/lsm

This will tell you what security modules are in use. Check whether
any of the modules that use path based controls (AppArmor, TOMOYO)
are in the list.

>
> One option would be to use audit_add_rule_data to add a temporary path
> based rule and check if it is successful, but this won't work when
> auditd is running in immutable mode.
>
>
> Any other way which does not require checking versions of Kernel or
> Distribution?
>
> -- 
> Anurag Aggarwal
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://listman.redhat.com/mailman/listinfo/linux-audit
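
The check described in the reply above, as an added shell example that is not part of the original message. The function name `path_based_lsms` and its exit codes are assumptions made for illustration; the module list contains only the two modules the reply names.

```shell
#!/bin/sh
# Added example: script the "cat /sys/kernel/security/lsm" check from the reply.
# Modules the reply names as using path based controls.
PATH_BASED_LSMS="apparmor tomoyo"

# path_based_lsms [FILE]   (hypothetical helper, not part of any audit tool)
# Prints each active path based LSM, one per line.
# Exit status: 0 = at least one is active, 1 = none active,
#              2 = list unreadable (e.g. securityfs not mounted).
path_based_lsms() {
    lsm_file="${1:-/sys/kernel/security/lsm}"
    [ -r "$lsm_file" ] || return 2

    # The file is a single comma-separated line, usually without a trailing
    # newline. Wrapping it in commas lets us match whole module names only,
    # so a name that merely contains "tomoyo" or "apparmor" does not match.
    active=",$(tr -d '[:space:]' < "$lsm_file"),"

    rc=1
    for p in $PATH_BASED_LSMS; do
        case "$active" in
            *",$p,"*) printf '%s\n' "$p"; rc=0 ;;
        esac
    done
    return $rc
}

# Usage: path_based_lsms && echo "a path based LSM is active"
```

Exit status 2 keeps "no path based module loaded" distinct from "could not read the list", which matters on systems where securityfs is not mounted.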
