audit syscall information.
James Morris
jmorris at redhat.com
Sat Apr 23 01:38:07 UTC 2005
On Fri, 22 Apr 2005, Olaf Kirch wrote:
> You also need to intercept rtnetlink messages to catch all network
> related configuration changes, but I guess you're already doing
> that somewhere else.
SELinux can trigger auditing of netlink messages, but the granularity is
only the netlink family and whether it's a 'read' or 'write' operation
(for rtnetlink).
- James
--
James Morris
<jmorris at redhat.com>
More information about the Linux-audit
mailing list