On Tuesday 07 April 2009 12:01:04 pm LC Bruzenak wrote: > Q: Should I remove the arch=b32 audit rules if all machines are 64-bit? > Previously we had both; loaded same ruleset everywhere.
If you had a i386, you could drop the b64 rules. However, x86_64 has both 32 and 64 bit syscalls. So you need both for full coverage. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
