Is there some redundancy between Audit and SystemTap ?
Audit can monitor a system call .. SystemTap does so
Audit can monitor single files .. Again, System tap does so
The uncommon thing now is the ability to audit LSMs by ,say, a MAC subject label and giving
LSMs an easy structure to report violations.
It'll be interesting to see how will they both react once SystemTap gains more popularity.