Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 543704 - sys-process/audit: drop custom default filters
Summary: sys-process/audit: drop custom default filters
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: SE Linux Bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-18 16:29 UTC by Joakim Tjernlund
Modified: 2020-01-28 23:25 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Joakim Tjernlund 2015-03-18 16:29:59 UTC
/etc/audit/audit.rules has this:

# The following rule would cause all of the syscalls listed to be ignored in logging.
-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat

Which means logging is off for most syscalls. This is a big suprise when
you do your first audit logging and find you logs alomst empty.

Gentoo adds these lines, could these be put under comment per default instead?