On 29/02/2020 17.51, Lew Wolfgang wrote:
On 02/27/2020 04:07 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
El 2020-02-20 a las 09:13 -0800, Lew Wolfgang escribió:
No, not apparmor. I was thinking of the Linux Auditing System:
https://www.networkworld.com/article/2224092/linux-auditing-101.html
But /var/log/audit/audit.log is written by AA.
I'm not sure that AA writes the audit.log. The Audit Framework seems to be independent.
It is confusing. Maybe I'm confusing the files. My current file there is not from AA.
"TheLinux Audit framework <https://github.com/linux-audit>is a kernel feature (paired with userspace tools) that can log system calls. For example, opening a file, killing a process or creating a network connection. These audit logs can be used to monitor systems for suspicious activity."
-- Cheers / Saludos, Carlos E. R. (from oS Leap 15.0 x86_64 (Minas Tirith))