I see this topic come up a lot and I have dealt with the question from
auditors too. Unless you have full auditing enabled, the simple answer is
no.
Think about this -- a file is writable by the owner and a group - the group
contains 1000 users. Auditd is NOT enabled. One of those 1000 users
On Mon, Nov 12, 2012 at 10:51 AM, Kat uncommon...@gmail.com wrote:
I see this topic come up a lot and I have dealt with the question from
auditors too. Unless you have full auditing enabled, the simple answer is
no.
Think about this -- a file is writable by the owner and a group - the group
auditd is a Unix-centric process. Kind of like ACLs though. They all have
it, but they all have slightly different ways of enabling and managing.
All,
My 2 cents, though it appears auditd (for Linux) may not be the OS the
originator was asking about...
Two comments:
1) auditd (for Linux) support is provided within the kernel. I have not found
it to be CPU intensive provided you do not try to audit every syscall under the
sun.
2)