Is audit really disabled?
James Morris
jmorris at redhat.com
Wed Aug 10 20:25:24 UTC 2005
I'm using audit=0 at the kernel command line, have auditd disabled. Boot
messages:
audit: disabled (after initialization)
audit: initializing netlink socket (disabled) <- confusing
audit(1123705334.896:1): initialized
# auditctl -s
AUDIT_STATUS: enabled=0 flag=1 pid=0 rate_limit=0 backlog_limit=64 lost=0
backlog=0
kauditd is running and I appear to be getting some audit messages on the
console.
What's going on here?
- James
--
James Morris
<jmorris at redhat.com>
More information about the Linux-audit
mailing list