-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Starr,
The default rule set that comes with RHEL5 will not function properly on a 32 bit system. It will, however, function properly on a 64 bit system. If you have a mix of architectures, this may be your problem. To fix it for the 32 bit systems, try the following: sed -e '/arch=b64/d' /etc/audit/audit.rules > audit.rules.32 and use the resulting file as your primary audit rule set. Trevor On 11/25/2009 11:57 AM, Starr-Renee Corbin wrote: > Hello, > > I am required (by NISPOM) to audit access to security related files. I > am essentially using the nispom audit.rules provided by rhel5 to > accomplish this. > > However, some of my systems are capturing access to /etc/shadow and some > of my systems are not (when looking in /var/log/audit/audit.log. > > Worried that I might have differing audit.rules files between the > systems I have even copied the audit.rules file from systems that were > auditing right to systems that were not. But this has not resolved the > auditing problem. > > HELP! > > Thank you! > > Starr > > > > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAksY65UACgkQyjMdFR1108DMmwCePtILlhUsKjwrEZQi2Dw2wwmt aJsAn3uJtMYXDzB/w2Pq6grvIuuQJ9gE =qFmA -----END PGP SIGNATURE----- -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
