I am using a Linux system (RHEL 6.9) with no audit rules set: $ sudo auditctl -l No rules
but some data is still populating the audit log file /var/log/audit/audit.log Are there processes (or kernel code) that generate their own audit events that bypass the configured audit rules? Thanks, Todd
-- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
