While working with RHEL-6 and RHEL-7 systems, and understanding that you can set rules to immutable by adding *-e 2* to the end of the audit.rules file(s) I realized something.
If I want to add rules to a system due to new IT Governance, I might have to reboot every machine that gets the newly added rules. Is this true, or can I get away with simply executing, on both versions of RHEL (6 and 7): augenrules --check augenrules --load I ask, because I want to write some puppet code that is smart enough to ensure the rules are put into place. Do I really have to reboot a server in the middle of a work day or can I work around it with the use of the *augenrules* commands as listed above? Thanks in advance, -------------------------- Warron French
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
