This rule will let you know when an SUID binary is *executed*:
https://github.com/simp/pupmod-simp-auditd/blob/master/templates/base.erb#L50:L55
I would not run any filesystem searches from Puppet, I would relegate those
to cron+syslog so that you can better control the amount of I/O churn on
you
Hi Fred,
On 05 Sep 2015, at 19:36, Frédéric Lespez wrote:
> Hi,
>
> Inside a manifest, you can know if noop is enabled thanks to the $clientnoop
> variable[1].
> But inside a custom function, how can you know it?
$clientnoop is a fact [1]
You can access facts from functions e.g. by using look