[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Is audit really disabled?



I'm using audit=0 at the kernel command line, have auditd disabled.  Boot 
messages:

audit: disabled (after initialization)
audit: initializing netlink socket (disabled)  <- confusing
audit(1123705334.896:1): initialized

# auditctl -s
AUDIT_STATUS: enabled=0 flag=1 pid=0 rate_limit=0 backlog_limit=64 lost=0 
backlog=0

kauditd is running and I appear to be getting some audit messages on the 
console.

What's going on here?


- James
-- 
James Morris
<jmorris redhat com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]