On Sat, Feb 29, 2020 at 08:51:22AM -0800, Lew Wolfgang wrote:
On 02/27/2020 04:07 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
El 2020-02-20 a las 09:13 -0800, Lew Wolfgang escribió:
No, not apparmor. I was thinking of the Linux Auditing System:
https://www.networkworld.com/article/2224092/linux-auditing-101.html
But /var/log/audit/audit.log is written by AA.
I'm not sure that AA writes the audit.log. The Audit Framework seems to be independent.
"TheLinux Audit framework <https://github.com/linux-audit>is a kernel feature (paired with userspace tools) that can log system calls. For example, opening a file, killing a process or creating a network connection. These audit logs can be used to monitor systems for suspicious activity."
Actually AppArmor uses the Linux audit framework log for its denial/approve events. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org