Using system-config-audit getting key (-k) configuration errors when saving changes.
[EMAIL PROTECTED] ~]# Stopping auditd: [ OK ] Starting auditd: [ OK ] key option needs a watch or syscall given prior to it There was an error in line 9 of /etc/audit/audit.rules cat /etc/audit/audit.rules -e 1 -f 2 -b 8192 -r 0 -D -a entry,always -S adjtimex -S settimeofday -a entry,always -S clock_settime -a entry,always -k kill -S kill -a exit,always -k system-locale -S sethostname -a exit,always -F exit=-13 -k creation -S creat -S mkdir -S mknod -S link -S symlink -a exit,always -F exit=-13 -k creation -S mkdirat -S mknodat -S linkat -S symlinkat If I remove the key from line 9 and save, get error reported line 10, etc. Started with NISPOM.rules contrib file. Art Henning (CSL) Enterprise IT Solutions Northrop Grumman Corp [EMAIL PROTECTED] -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
