Sysctl: ipe.success_audit

This sysctl key defines if the system should create an audit event when a binary is succesfully executed, as part of IPE security module.

Values

Value	Description
0	Do not send audit event
1	Create audit event

Most systems have by default ipe.success_audit set to value 0.

Show current value

The value of the ipe.success_audit can be retrieved using the sysctl command.

sysctl ipe.success_audit

or using the proc file system:

sysctl /proc/sys/ipe.success_audit

Configure new value

To apply a new value, use the option --write, followed by the key and value.

sysctl --write ipe.success_audit=NEWVALUE

To ensure that these changes are also applied during the next boot, add them to a configuration file, typically something like /etc/sysctl.d/99-custom.conf.

Feedback

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!