LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   What is Auditing support? (https://www.linuxquestions.org/questions/linux-newbie-8/what-is-auditing-support-349602/)

Beezer 08-03-2005 10:51 AM
What is Auditing support?
 
I'm trying to configure a 2.6 kernel (2.6.12.3 to be exact) and one of the first options to configure is auditing support. I've done some searching on the net to figure out exactly what it is and if I need it. My searches were unsuccessful and the description given from the menu

Quote:
Enable auditing infrastructure that can be used with another
kernel subsystem, such as SELinux (which requires this for
logging of avc messages output). Does not do system-call
auditing without CONFIG_AUDITSYSCALL
didn't help that much. What is the "auditing infrastructure" ? Do I need it?

Maybe this is just a minor option considering I have quite a few more left to configure, but
I've already compiled the kernel a few times now and was unsuccessful so I decided to figure out as best possible exactly what each option means.

I guess my next question is: What should I do when I can't figure out what an option does even after reading some docs and doing some searches? Is this the best place to come.

Thanks,
Beezer

Kdr Kane 08-03-2005 11:14 AM
Auditing is logging of all accesses and modifications of files. Logging is required for high-security systems as an audit trail to make sure only the authorized when they should.

It slows down your system and usually isn't necessary unless your business requires it.

btmiller 08-03-2005 08:33 PM
I'd suggest searching the archives of the Linux kernel mailing list, personally (there are links on www.kernel.org). IIRC this option also allows auditing of system calls made by processes, which can be useful if you have something like SELinux which can use it.


All times are GMT -5. The time now is 08:37 AM.