On Thursday, November 20, 2014 10:42:04 AM leam hall wrote: > The RHEL 6 STIG says: > > auditctl -l | grep syscall | grep chmod
This is a forensics check of the system. A configuration scan should do cat /etc/audit/audit.rules > Should return lines referring to chmod. Those lines are in my > audit.rules. Just doing an: > > auditctl -l | grep syscall The format of the output changed. But the STIG is not right for mixing a forensics check with a configuration checks. If you really needed to do a check using auditctl, then use this: auditctl -l | grep chmod Just grep on the syscall and leave system out of it. You should have never needed it unless -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
