auditd - I have no rules set, still there is activity in audit.log
Hi, I am trying to audit file deletions in a folder, and have set the rule accordignly, but saw a lot of entries being logged of types: USER_ACCTR, CRED_ACQ and USER_AUTH.
I have no idea were these come from, even starting auditd without any rules active, these entries are being logged.
Does anyone have an idea?
thanks much.
|