Linux audit v. Solaris audit
Timothy R. Chavez
tinytim at us.ibm.com
Fri Mar 17 14:52:09 UTC 2006
On Fri, 2006-03-17 at 09:01 -0500, Steve Grubb wrote:
> On Thursday 16 March 2006 12:12, Sponsler, Mike wrote:
> > Is the audit daemon for linux similiar to the audit daemon for solaris
> > 10? Specifically does it do BSM auditing?
>
> I've never looked at the Solaris audit daemon. So, its likely to be different.
>
> -Steve
>
Linux audit does not do BSM-style auditing. Specifically, Linux audit
has no support for a binary record at this time nor is there a policy
language to express the concept of "audit classes". Instead, Linux
audit has a simple "rule-based" filtering mechanism that allows one to
filter through / out auditable events.
-tim
More information about the Linux-audit
mailing list