auditd

Ed Greshko ed.greshko at greshko.com
Sun May 31 00:51:46 UTC 2015


On 05/30/15 10:40, Matthew Miller wrote:
> is pretty effective. Primary downside: if you have SELinux violations,
> you don't get (as close to as SELinux gets) user-friendly explanations.

Of course the biggest downside to turning off auditd, and potentially other logging services, is that when errors/problems exist you'll not be notified, nor will you have a record of what went wrong. So, I can easily see situations where things are failing but there is no log or evidence as to why, thus making troubleshooting nearly impossible.

-- 
If you can't laugh at yourself, others will gladly oblige.

