On Thursday, September 8, 2016 9:42:09 AM EDT warron.french wrote:
> While working with RHEL-6 and RHEL-7 systems, and understanding that you
> can set rules to immutable by adding *-e 2* to the end of the audit.rules
> file(s) I realized something.
>
> If I want to add rules to a system due to new IT Governance, I might have
> to reboot every machine that gets the newly added rules.

Yes, you need to reboot. This is what immutable means - no changes allowed
during runtime.

> Is this true, or can I get away with simply executing, on both versions of
> RHEL (6 and 7):
> augenrules --check
> augenrules --load

These will fail.

> I ask, because I want to write some puppet code that is smart enough to
> ensure the rules are put into place. Do I really have to reboot a server
> in the middle of a work day or can I work around it with the use of the
> *augenrules* commands as listed above?

This is what immutable does. If you need flexibility to change rules at will,
then you should comment out or delete the -e 2 at the end.

-Steve
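
An added example, not part of the original message: a shell check that a configuration-management run could use to decide between loading new rules now and flagging the host for a reboot, based on the "enabled" value reported by `auditctl -s`. The function names and the sample status text are constructed for illustration; the two output layouts handled are an assumption about what older and newer audit userspace print.

```shell
#!/bin/sh
# Added example: can new audit rules be loaded now, or is the config locked?

# Read `auditctl -s` output on stdin and print the "enabled" value.
# Handles "enabled 2" (one field per line) and the single-line
# "AUDIT_STATUS: enabled=2 flag=1 ..." layout.
audit_enabled_state() {
    tr ' ' '\n' | awk '
        /^enabled=/       { sub(/^enabled=/, ""); print; found = 1; exit }
        prev == "enabled" { print; found = 1; exit }
        { prev = $0 }
        END { if (!found) exit 1 }'
}

# Print the action to take for the status text given as $1:
#   load            - rules are mutable, augenrules --load can apply them
#   reboot-required - enabled is 2 (immutable), loading will fail until reboot
#   unknown         - the status text could not be parsed
plan_rule_update() {
    state=$(printf '%s\n' "$1" | audit_enabled_state) || { echo unknown; return 2; }
    case "$state" in
        2)   echo reboot-required; return 1 ;;
        0|1) echo load ;;
        *)   echo unknown; return 2 ;;
    esac
}

# Constructed sample status text (not captured from a real host).
SAMPLE_LOCKED='enabled 2
failure 1
pid 812
rate_limit 0
backlog_limit 320
lost 0
backlog 0'
SAMPLE_MUTABLE_OLD='AUDIT_STATUS: enabled=1 flag=1 pid=1520 rate_limit=0 backlog_limit=320 lost=0 backlog=0'

for sample in "$SAMPLE_LOCKED" "$SAMPLE_MUTABLE_OLD"; do
    plan_rule_update "$sample" || true
done
```

On a live host the call would be `plan_rule_update "$(auditctl -s)"`, run as root.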
