Hi,

Laurent Bigonville wrote (17 Aug 2015 08:58:52 GMT) :
> On Mon, 17 Aug 2015 10:37:00 +0200,
> intrigeri <intrig...@debian.org> wrote:

> Sorry for not replying earlier.

No problem, thanks for replying.

> The problem might be IIRC that the auditd daemon itself checks the
> mode/owner/group of the files on disk before starting. I do not
> remember all the details though.

Sorry, I should have been clearer. I've tested that this combination
works just fine on current sid:

 * log_group = adm
 * dpkg-statoverride --update --add root adm 750 audit

> We need to check that by changing this we are not losing some kind of
> US government certifications if we really care about this (auditd
> daemon follows some government recommendations/certification).

Is there any practical value in complying with such recommendations in
a single package, as long as the underlying base OS does not?
(I suspect not, but that's a genuine question, not a rhetorical one:
I have actually no idea how these things work, nor whether we have any
Debian users who care about that.)

> Maybe you could ask on the linux-au...@redhat.com mailing list?

Yes, I can do that if needed, once we've clarified whether that's
a goal worth pursuing (otherwise there's no point).

Cheers,
-- 
intrigeri
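
An added example, not part of the original message or of the audit package: a shell check that the group set as log_group in auditd.conf matches the group of the audit log directory and that the directory grants nothing to others, as in the 750 root:adm combination tested above. The paths /etc/audit/auditd.conf and /var/log/audit in the usage comment are assumptions (the message names the directory only as "audit"), and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: compare auditd's log_group with the on-disk owner,
# group and mode of the audit log directory.
# Usage (assumed default paths, not stated in the message):
#   sh check-audit-dir.sh /etc/audit/auditd.conf /var/log/audit

# Print the log_group value from an auditd.conf-style "key = value" file.
# auditd's documented default is root when the key is absent.
conf_log_group() {
    val=$(sed -n 's/^[[:space:]]*log_group[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${val:-root}"
}

# check_audit_dir CONF DIR [OWNER]
# Returns 0 when DIR is owned by OWNER (default root), its group equals
# log_group (by name or numeric gid) and its mode has no bits for others.
# Returns 1 on a mismatch, 2 when DIR cannot be inspected.
check_audit_dir() {
    conf=$1; dir=$2; want_owner=${3:-root}
    want_group=$(conf_log_group "$conf")
    st=$(stat -c '%U %G %g %a' "$dir") || return 2
    set -- $st
    owner=$1; group=$2; gid=$3; mode=$4
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "$dir: owner is $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ] && [ "$gid" != "$want_group" ]; then
        echo "$dir: group is $group, but log_group = $want_group"; rc=1
    fi
    # %a prints the mode in octal; the leading 0 makes the shell read it so.
    if [ $(( 0$mode & 007 )) -ne 0 ]; then
        echo "$dir: mode $mode grants access to others"; rc=1
    fi
    return $rc
}

# Run the check only when a config file and a directory are given.
if [ "$#" -ge 2 ]; then
    check_audit_dir "$@"
fi
```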