On Monday, May 09, 2016 09:07:11 PM intrigeri wrote: > in Debian, the convention for many log files is to make them readable > by members of the adm group. We're considering doing the same for the > auditd logs, in order to make apparmor-notify work out-of-the-box. > > The maintainer of auditd in Debian would like to know what's your take > on it. What kind of problem could be created if we did that?
I can't think of any problems. Just set the log_group = adm in auditd.conf and fixup the packaging to have that as the group owner. Auditd should create the logs with 0640 permissions. -Steve
