[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Linux audit v. Solaris audit



On Fri, 2006-03-17 at 09:01 -0500, Steve Grubb wrote:
> On Thursday 16 March 2006 12:12, Sponsler, Mike wrote:
> > Is the audit daemon for linux similiar to the audit daemon for solaris
> > 10?  Specifically does it do BSM auditing?
> 
> I've never looked at the Solaris audit daemon. So, its likely to be different.
> 
> -Steve
> 

Linux audit does not do BSM-style auditing.  Specifically, Linux audit
has no support for a binary record at this time nor is there a policy
language to express the concept of "audit classes".  Instead, Linux
audit has a simple "rule-based" filtering mechanism that allows one to
filter through / out auditable events.

-tim


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]