| Auditd Daemon |
| |
| The audit daemon is a simplified version of its desktop |
| counterpart designed to gather the audit logs from the |
| audit kernel subsystem. The audit subsystem of the kernel |
| includes Linux Security Modules (LSM) messages as well. |
| |
| To enable the audit subsystem, you must add this to your |
| kernel config: |
| CONFIG_AUDIT=y |
| |
| To enable a LSM, you must consult that LSM's documentation, the |
| example below is for SELinux: |
| CONFIG_SECURITY_SELINUX=y |
| |
| This does not include possible dependencies that may need to be |
| satisfied for that particular LSM. |