On Thursday 21 January 2010 04:29:04 pm David Flatley wrote: > Auditd fails to start due to -D in the /etc/audit/audit.rules file on > two of my RHEL 5.3 systems. > I am using Steve Grubb's STIG audit.rules file. Did I miss something with > 5.3??
The very last command in that file puts the audit system in immutable mode - meaning you cannot change the rules without rebooting. Comment out that line if you want to let any changes into the audit system at any time. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
