It appears that this directory is not used at all on RHEL6. I know I have mentioned this before, but it's true. If I *move* my copy of audit.rules from /etc/audit into the subdirectory rules.d and restart audit, the audit.rules file is not recopied/regenerated or whatever by the auditd.
This behavior is different from RHEL7, where if you delete the /etc/audit/audit.rules file or move it to /etc/audit/rules.d/audit.rules, the auditd functions as I expect. Can someone please correct my understanding? Is the /etc/audit/rules.d directory not supposed to be usable in RHEL6, but is in RHEL7?

--------------------------
Warron French
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit