Using audit type ANOM_* to detect privilege escalation.
Issue
- Event ANOM_ROOT_TRANS is not triggered when a user becomes root.
- Audit type ANOM_* to detect privilege escalation is not working.
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.