Skip to main content
Unix & Linux

Questions tagged [audit]

Ask Question

The tag has no summary.

171 questions
Newest Active Bountied Unanswered
2 votes
0 answers
135 views

My dmesg log is littered with the following kind of lines: [ +0.000009] audit: type=1400 audit(1745688898.020:223710): apparmor="ALLOWED" operation="getattr" class="file"...
einpoklum's user avatar
  • 11.1k
1 vote
1 answer
603 views

I'm torrenting with Transmission GTK. My dmesg log is being flooded by audit, and without knowing what good it is for, I do not even care much, I cannot use dmesg for other purposes. It floods so fast ...
Vlastimil Burián's user avatar
  • 31.3k
0 votes
1 answer
323 views

I am running auditd on a Debian 11 server with a very generic set of audit rules. The audit log is filled with entries like below. I'm not sure what they are - can anyone help identify these? I'm ...
user1309220's user avatar
  • 15
1 vote
1 answer
190 views

I've noticed that tcsh, regardless of whether "-f" flag is passed on the shebang line, will iterate through $PATH, and try to execute the command from that path until the command is found. ...
Maikol's user avatar
  • 164
0 votes
1 answer
3k views

I was trying to see what was enabling ipv4 forwarding in file /proc/sys/net/ipv4/ip_forward (I've discovered that this was docker, but I'd still like to understand my auditd issue) So I decided to ...
wabbajack001's user avatar
  • 91
0 votes
1 answer
70 views

I have a user with a misspelled username on my CentOS 8 system which I thought I had corrected but I have noticed the username is showing up in the audit log incorrectly. The correct username is: ...
Ewan's user avatar
  • 1
1 vote
2 answers
1k views

In shared environment where multiple users have sudo account, I want to find out underlying user id (not a sudo account) details who has invoked particular script. Thanks. I tried below but it does ...
AshwinD's user avatar
  • 11
0 votes
0 answers
657 views

After installing Debian 12 and rsyslog 8.2302 (for TLS remote syslog), I noticed that apparmor logs (or any audit logs) were not being sent remotely. After reviewing the local system, journald DOES ...
user avatar

15 30 50 per page
1
2 3 4 5
12