HOWTO Fedora Enable Auditing
Paul Moore edited this page Dec 19, 2023 · 5 revisions
In Fedora, a default audit rule effectively disables the ability to audit processes. As a result, you may not get path information in an AVC, which makes it harder for SELinux policy writers to diagnose and fix a problem. To get full information, edit /etc/audit/rules.d/audit.rules to look like this (note that the `-a task,never` line is commented out):
```
## This set of rules is to suppress the performance effects of the
## audit system. The result is that you only get hardwired events.
-D
## This suppresses syscall auditing for all tasks started
## with this rule in effect. Remove it if you need syscall
## auditing.
#-a task,never
```
Then to make the new rules take effect, as root run:
```
augenrules --load
```
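A way to confirm the edit took effect, as an added example that is not part of the original wiki page: `augenrules` merges every `*.rules` file in `/etc/audit/rules.d`, so another file there can still carry an active `-a task,never`. The function names are hypothetical, and the script accepts both `task,never` and `never,task` on the assumption that `auditctl -l` may list the loaded rule in the second order.

```shell
#!/bin/sh
# Added example (not from the wiki page). Function names are hypothetical.

# find_task_never [FILE...]
# Print "source:line:rule" for every active (uncommented) rule that puts a
# "never" action on the "task" list. Both field orders are matched because
# rule files usually say "task,never" while loaded rules may be listed as
# "never,task" (assumption). With no FILE, reads stdin.
find_task_never() {
    awk '
        /^[ \t]*#/ { next }                      # commented out: inactive
        {
            src = (FILENAME == "" ? "(stdin)" : FILENAME)
            for (i = 1; i < NF; i++)
                if (($i == "-a" || $i == "-A") &&
                    ($(i + 1) == "task,never" || $(i + 1) == "never,task")) {
                    printf "%s:%d:%s\n", src, FNR, $0
                    break
                }
        }
    ' "$@"
}

# check_rules_dir DIR
# Return 0 if no *.rules file in DIR suppresses task auditing, 1 if one
# does (the offending lines are printed), 2 if DIR holds no rule files.
check_rules_dir() {
    dir=$1
    set -- "$dir"/*.rules
    [ -e "$1" ] || { echo "no .rules files in $dir" >&2; return 2; }
    hits=$(find_task_never "$@")
    if [ -n "$hits" ]; then
        printf 'task auditing still suppressed by:\n%s\n' "$hits"
        return 1
    fi
    echo "no active task,never rule in $dir"
}
```

On a Fedora host, run `check_rules_dir /etc/audit/rules.d` before `augenrules --load`, then `auditctl -l | find_task_never` as root afterwards. Empty output from the second command means the loaded rule set no longer contains the suppression rule.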
All information in this wiki is licensed under the CC BY 4.0 license.