Auditd Daemon | |
The audit daemon is a simplified version of its desktop | |
counterpart designed to gather the audit logs from the | |
audit kernel subsystem. The audit subsystem of the kernel | |
includes Linux Security Modules (LSM) messages as well. | |
To enable the audit subsystem, you must add this to your | |
kernel config: | |
CONFIG_AUDIT=y | |
To enable a LSM, you must consult that LSM's documentation, the | |
example below is for SELinux: | |
CONFIG_SECURITY_SELINUX=y | |
This does not include possible dependencies that may need to be | |
satisfied for that particular LSM. |