On 05/11/17 at 18:24, Clément Hermann wrote:
Hi,
now that apparmor is actually enabled by default, it would be nice to be
able to use aa-notify without using sudo by applying nicoo's patch:
https://anonscm.debian.org/cgit/collab-maint/audit.git/log/?h=nicoo/debian
Can you please look into it?
Well, I'm not sure.
The proper way to monitor the audit log would be to use audispd and
create a daemon responding to the events (this is what setroubleshoot is
doing).
Parsing the logs manually is meh (especially if you take into account
that the kernel is not using the proper audit event id).
Cheers,
--
nodens