Please add support for the --loginuid-immutable flag that is available to auditctl. This prevents an administrative user from changing their audit uid once it has been set. It is implemented as a feature. This functionality could help wider adoption of auditbeat.
https://github.com/linux-audit/audit-userspace/blob/de35e6f18212e03e9ca57124ce5362c26aae22a2/lib/libaudit.c#L586-L595
Please add support for the
--loginuid-immutableflag that is available toauditctl. This prevents an administrative user from changing their audit uid once it has been set. It is implemented as a feature. This functionality could help wider adoption of auditbeat.https://github.com/linux-audit/audit-userspace/blob/de35e6f18212e03e9ca57124ce5362c26aae22a2/lib/libaudit.c#L586-L595