« Back to ipe

Sysctl: ipe.success_audit

This sysctl key defines if the system should create an audit event when a binary is successfully executed, as part of IPE security module.

Values

ValueDescription
0Do not send audit event
1Create audit event

Most systems have by default ipe.success_audit set to value 0.

Show current value

The value of the ipe.success_audit can be retrieved using the sysctl command.

sysctl ipe.success_audit

or using the proc file system:

sysctl /proc/sys/ipe.success_audit

Configure new value

To apply a new value, use the option --write, followed by the key and value.

sysctl --write ipe.success_audit=NEWVALUE

To ensure that these changes are also applied during the next boot, add them to a configuration file, typically something like /etc/sysctl.d/99-custom.conf.

Related articles

Like to learn more? Here is a list of articles within the same category or having similar tags.

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon