What is the proper way to enable auditd and rules with Project Atomic?

- installed audit-2.6.5-3.el7.x86_64 (rpm-ostree pkg-add audit -r)

Whenever I have a rule (or rules) like the following:

    -w /usr/bin/docker -k docker
    -w /etc/docker -k docker
    -w /etc/sysconfig/docker -k docker

I get a log error message:

    "There was an error in line 5 of /etc/audit/audit.rules"

If I remove all my rules, the logs state the following:

    systemd[1]: Starting Security Auditing Service...
    systemd[1]: auditd.service: main process exited, code=exited, status=6/NOTCONFIGURED
    systemd[1]: Failed to start Security Auditing Service.
    systemd[1]: Unit auditd.service entered failed state.
    systemd[1]: auditd.service failed.

Any thoughts?

Thanks.
Steve
