From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: Q: encryted log
Date: Mon, 26 Nov 2018 15:30:28 -0500
Message-ID: <4938046.3qnvyOfarv@x2>
References: <CAJ2oMhKE4dqfYQtnnvf0LRM-4QwAqcrtv4UL5PwwW-Y3q=1jAg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <CAJ2oMhKE4dqfYQtnnvf0LRM-4QwAqcrtv4UL5PwwW-Y3q=1jAg@mail.gmail.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Saturday, November 24, 2018 10:37:41 AM EST Ranran wrote:
> Is there a way to encrypt the auditd logs which are saved to disk?
> The system need to save logs from local into disk (not a remote
> connection), but it should be saved encryped. Is there a way to do it

Typically audit logs are protected by virtue of needing root to read 
anything. An untrusted root user is something Linux isn't designed for. 

-Steve