Disable DAC change auditing
This patch disables all of the discretionary access control (DAC) auditing in auditd. This should reduce the volume of logs created during deployments and during OpenStack CI jobs. The patch also corrects an incorrect key in the audit logs for V-38568. Closes-Bug: 1620849 Change-Id: I193f739647cfb7d0ce395984b51867bf6bd46cd8
This commit is contained in:
Major Hayden
@@ -64,17 +64,17 @@ security_audit_clock_settime: yes # V-38527
|
||||
security_audit_clock_settimeofday: yes # V-38522
|
||||
security_audit_clock_stime: yes # V-38525
|
||||
security_audit_DAC_chmod: no # V-38543
|
||||
security_audit_DAC_chown: yes # V-38545
|
||||
security_audit_DAC_lchown: yes # V-38558
|
||||
security_audit_DAC_chown: no # V-38545
|
||||
security_audit_DAC_lchown: no # V-38558
|
||||
security_audit_DAC_fchmod: no # V-38547
|
||||
security_audit_DAC_fchmodat: no # V-38550
|
||||
security_audit_DAC_fchown: yes # V-38552
|
||||
security_audit_DAC_fchownat: yes # V-38554
|
||||
security_audit_DAC_fremovexattr: yes # V-38556
|
||||
security_audit_DAC_lremovexattr: yes # V-38559
|
||||
security_audit_DAC_fsetxattr: yes # V-38557
|
||||
security_audit_DAC_lsetxattr: yes # V-38561
|
||||
security_audit_DAC_setxattr: yes # V-38565
|
||||
security_audit_DAC_fchown: no # V-38552
|
||||
security_audit_DAC_fchownat: no # V-38554
|
||||
security_audit_DAC_fremovexattr: no # V-38556
|
||||
security_audit_DAC_lremovexattr: no # V-38559
|
||||
security_audit_DAC_fsetxattr: no # V-38557
|
||||
security_audit_DAC_lsetxattr: no # V-38561
|
||||
security_audit_DAC_setxattr: no # V-38565
|
||||
security_audit_deletions: no # V-38575
|
||||
security_audit_failed_access: no # V-38566
|
||||
security_audit_filesystem_mounts: yes # V-38568
|
||||
|
||||
Reference in New Issue
Block a user