Good evening, I'm doing research for my master's degree.
I must use auditd to audit everything that happens on the operating system.
There is in my scenario, a common user (foouser) who privilege elevation with su - or su (CentOS).
For example, when restarting a service I cannot identify...