37fd69c Presets: enable auditd-rules.service

Authored and Committed by sgallagh 4 months ago
    Presets: enable auditd-rules.service
    
    The audit daemon loaded the rules in the past. But eventually it was noticed
    that there was a problem where system events that were of interest occurred
    before auditd could start. Splitting them allows the rules to load sooner so
    the events are waiting when auditd registers with the kernel.
    
    The secondary effect of this split is that some people may be satisfied with
    audit events in journald. This would let them have auditing without having to
    install auditd and its man pages and utilities. It certainly won't have search
    and report capabilities. But they may be offloading events to a central SIEM
    and don't care.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=2258520
    
    Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
    
        
file modified
+3 -0