410 B
410 B
---id: V-38559 status: opt-in tag: auditd ---
The audit rules for permission changes made with
lremovexattr are disabled by default as they can generate
an excessive amount of logs in a short period of time, especially during
a deployment.
Deployers can enable auditing for lremovexattr usage by
setting the following Ansible variable:
security_audit_DAC_lremovexattr: yes