----- Original Message ----- > From: "warron.french" <warron.fre...@gmail.com> > To: linux-audit@redhat.com > Sent: Wednesday, April 12, 2017 10:18:55 AM > Subject: rules.d on RHEL6 > > It appears that this directory is not used at all on RHEL6. > > I know I have mentioned this before; but it's true. If I move my copy of > audit.rules from /etc/audit into the subdirectory rules.d and restart audit; > the audit.rules file is not recopied/regenerated or whatever by the auditd. > > This behavior is different from RHEL7; where if you delete the > /etc/audit/audit.rules file or move it to /etc/audit/rules.d/audit.rules; > the auditd functions as I expect. > > > Can someone please correct my understanding? Is the /etc/audit/rules.d > directory not supposed to be usable in RHEL6; but is in RHEL7?
Its usable but you have to run # augenrules --load Note that this will overwrite /etc/audit/audit.rules > -------------------------- > Warron French > > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit -- Simon Sekidde * Red Hat, Inc. * Tyson's Corner, VA Solution Architect, NA Public Sector gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
