On Wednesday, May 04, 2011 03:41:09 PM David Flatley wrote: > RHEL 4.7 system running Steve Grubb's STIG compliant audit.rules file. > System seems to be struggling to run audit. I run this > config on several systems with no problems. Top does not show anything > that indicates a problem, no directories filling. Any > suggestions on settings to change? It is a 64 bit system with the 32 bit > rules commented out in the rules file.
Are you getting lots of audit events logged? If so, that might point towards a rule that might need adjusting. Also, stig rules were never shipped (or tested) on RHEL4. So, I don't know which ones you are using. If the rules do not explicitly add the -F arch=b64 on the 64 bit rules, that would cause problems. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
