Disabling selinux question

Enrico Scholz enrico.scholz at informatik.tu-chemnitz.de
Fri Jan 4 14:41:58 UTC 2008


Steve Grubb <sgrubb at redhat.com> writes:

>> What else, besides selinux, is using auditd in Fedora right now or in
>> the immediate future? (Since we're a distribution we don't count
>> theoretical use cases I hope...)
>
> The audit logs are the collection point for all security relevant
> events from

That's a big problem with auditd: it supports only local logging, and
log files on compromised machines are worthless...  As 'auditd' "removes"
log messages like AVC errors from normal log sources, they are not visible
to syslog anymore.

Hence, it's better to disable auditd and read the raw data on the remote
syslog server.



Enrico
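
An added example, not part of the original post: a sketch of reading AVC denials out of the raw lines a central syslog server has collected from hosts where the kernel emits audit records through printk because auditd is not running. The sample lines, host names and the `parse_avc`/`summarize` helpers are constructed for illustration, and the `type=1400 audit(...)` line layout is assumed to match what the sending kernels produce.

```python
import re
from collections import Counter

# Constructed sample of what a remote syslog server might hold (not real logs).
SAMPLE = """\
Jan  4 14:40:11 web1 kernel: type=1400 audit(1199457611.412:17): avc:  denied  { read } for  pid=2291 comm="httpd" name="shadow" dev=sda1 ino=48121 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
Jan  4 14:40:12 web1 sshd[811]: Accepted publickey for admin from 192.0.2.10 port 40022 ssh2
Jan  4 14:41:03 db1 kernel: type=1400 audit(1199457663.090:5): avc:  denied  { name_connect } for  pid=1520 comm="mysqld" dest=25 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
Jan  4 14:41:30 web1 kernel: type=1400 audit(1199457690.001:18): avc:  denied  { read write } for  pid=2291 comm="httpd" name="shadow" dev=sda1 ino=48121 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

# Syslog prefix, then the kernel audit header, then the AVC decision and fields.
AVC_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:.*?"
    r"audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+"
    r"(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_avc(line):
    """Return a dict for one AVC syslog line, or None for any other line."""
    m = AVC_RE.match(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec.update(host=m.group("host"), epoch=float(m.group("epoch")),
               serial=int(m.group("serial")), result=m.group("result"),
               perms=m.group("perms").split())
    return rec

def summarize(text):
    """Count denials per (host, command, source type, target type, class)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            src = rec["scontext"].split(":")[2]  # type field of user:role:type:level
            tgt = rec["tcontext"].split(":")[2]
            counts[(rec["host"], rec["comm"], src, tgt, rec["tclass"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
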