On a server running RHEL 7.2 the audit rules fail to load due to an error on this rule:

-a always,exit -F arch=b64 -S setuid -F a0=0 -F exe=/usr/bin/su -F key=10.2.5.b-elevated-privs-session

From what I have found it seems "exe" may not be a valid field on this specific O.S. - is this correct? Does anyone have any recommendations on how to track elevated privileges for all RHEL 6/7 systems?

-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
