Auditd logging related to SELinux?

Question

Is there any relation between auditd and SELinux? Or can we use auditd even if SELinux is disabled?

See https://wiki.centos.org/HowTos/SELinux#head-c84fad68bffc5eca190fa3a1aab3cac2cfe94a63 — Royce Williams, Sep 10 '18 at 03:47

score 3 · Accepted Answer · answered Sep 05 '18 at 18:22

3

SELinux uses auditd for logging purposes, but auditd is independent from it. You can use auditd without SELinux present.

answered Sep 05 '18 at 18:22

mricon

This is correct, but perhaps you could expand on how it works (e.g. how SELinux uses the _audit subsystem_, which auditd interfaces with). – forest Sep 06 '18 at 03:13

1 Answers1