Hi, Steve Grubb wrote (09 May 2016 19:33:16 GMT) : > I can't think of any problems. Just set the log_group = adm in auditd.conf > and > fixup the packaging to have that as the group owner. Auditd should create the > logs with 0640 permissions.
It's good to see that upstream is happy with that :) Shall we go ahead then? FTR, my proposal is: 1. Set log_group = adm in /etc/audit/auditd.conf by default 2. Make /var/log/audit 0710, owned by root:adm Cheers, -- intrigeri
