Significant performance hit auditing system account actions?
leam hall
leamhall at gmail.com
Thu May 14 19:24:16 UTC 2015
Some security requirements include auditing events by users and root. So
the line might include something like:
-F auid=0 -F auid>=500 -F auid!=4294967295
My question is, if you don't include that phrase will the audit system
still get everything and not incur a serious performance hit. Effectively
it will audit everything for users 1-499, the usual system accounts.
Leam
--
Mind on a Mission <http://leamhall.blogspot.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20150514/78567532/attachment.htm>
More information about the Linux-audit
mailing list