Le 05/11/17 à 18:24, Clément Hermann a écrit :
Hi,


now that apparmor is actually enabled by default, it would be nice to be
able to use aa-notify without using sudo by applying nicoo's patch:

https://anonscm.debian.org/cgit/collab-maint/audit.git/log/?h=nicoo/debian

Can you please look into it ?
Well, I'm not sure

The proper way to monitor the audit log would be to use audispd and create a daemon responding to the events (this is what setroubleshoot is doing).

Parsing the logs manually is meh (especially if you take into account that the kernel is not using the proper audit event id)



Cheers,


--

nodens

Reply via email to