On Monday 25 January 2010 11:37:01 am David Flatley wrote: > Your audit.rules file for STIG compliance is mostly geared towards RHEL > 5 systems?
Yes. > When I try to run it on a RHEL 4 system it complains about the filters (-k) > and other things. Yes, there is that and the fact that directory auditing is not recursive and you cannot write fancy rules that do file system watching without naming the syscall. It may be possible to make some adjustments to the RHEL5 rules, but I don't know if you would wind up with lots of unnecessary data as a result of RHEL4's audit capabilities. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
