My audit install script installs your rules file with the -e 2
uncommented so I will have to adjust the script to account for this.
Thanks Steve
David Flatley CISSP
From: Steve Grubb <[email protected]>
To: [email protected]
Cc: David Flatley/Burlington/i...@ibmus
Date: 01/21/2010 04:50 PM
Subject: Re: How to learn the Message type?
On Thursday 21 January 2010 04:29:04 pm David Flatley wrote:
> Auditd fails to start due to -D in the /etc/audit/audit.rules file on
> two of my RHEL 5.3 systems.
> I am using Steve Grubb's STIG audit.rules file. Did I miss something with
> 5.3??
The very last command in that file puts the audit system in immutable mode
-
meaning you cannot change the rules without rebooting. Comment out that
line
if you want to let any changes into the audit system at any time.
-Steve
<<inline: graycol.gif>>
<<inline: ecblank.gif>>
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
