On Mon, 2004-12-20 at 18:24, Browder, Tom wrote:
I joined, and took a look. With the audit tools, and audit=1, do I
need
to keep SELinux turned on?
Not if all you want is auditing. But note that you'll have to set up
audit filters via auditctl to audit what you want, vs. using SELinux
policy to enable auditing on particular objects. There is ongoing work
to add support for object-based auditing in the audit framework as well,
as noted on the linux-audit list.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency