Hello,
On Sat, Feb 27, 2021 at 6:19 PM Richard Guy Briggs wrote:
> On 2021-02-26 15:21, Andreas Hasenack wrote:
> Issue ghak124 (https://github.com/linux-audit/audit-kernel/issues/124)
> introduced auditing for nftables modifications. It turns out it was far
> too verbose but may have listed
On 2021-02-26 15:21, Andreas Hasenack wrote:
> Hi,
Hi Andreas,
> is there a way to audit ipset changes?
>
> The closest I got was to log the specific "socket(AF_NETLINK, SOCK_RAW,
> NETLINK_NETFILTER)" call that ipset makes, but that obviously also triggers
> read
Hi,
is there a way to audit ipset changes?
The closest I got was to log the specific "socket(AF_NETLINK, SOCK_RAW,
NETLINK_NETFILTER)" call that ipset makes, but that obviously also triggers
read-only operations like "ipset list", and any other app that opens suck a
so