Hello,

I just wanted to confirm for my memory that if I wanted to confirm that the auditd process running on my system was configured correctly and intended to be immutable (setting -e 2), I would do so easily by executing:

auditctl -s

When I execute that command I get back results that have:

enabled 1
loginuid_immutable 0 unlocked

among a few other lines.

Shouldn't I actually see enabled 2? I have in one of our .rules files under /etc/audit/rules.d/ the syntax "-e 2".

Thanks,
--------------------------
Warron French
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
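
The check described in the message, written out as an added example (not part of the original post or of the audit project): it follows an -e setting from the fragments under /etc/audit/rules.d/ through the compiled rules file to the enabled value that auditctl -s reports. The compiled file path /etc/audit/audit.rules and the function names are assumptions, and the sample rule files and status output are constructed.

```shell
#!/bin/sh
# Added example: trace an "-e" setting from the rule fragments, through the
# compiled rules file, to the running kernel state reported by `auditctl -s`.

# Print the "enabled" value from `auditctl -s` output supplied on stdin.
running_enabled() {
    awk '$1 == "enabled" { print $2; exit }'
}

# Print the value of the last uncommented "-e N" line in the given files,
# read in the order given; print nothing when no readable file sets it.
last_e_flag() {
    for f in "$@"; do [ -r "$f" ] && cat "$f"; done |
        awk '$1 == "-e" && $2 ~ /^[0-9]+$/ { val = $2 }
             END { if (val != "") print val }'
}

# Report where the chain breaks.
# $1 = fragment value, $2 = compiled value, $3 = running value (any may be empty).
immutable_verdict() {
    if [ "$3" = 2 ]; then
        echo "immutable: kernel reports enabled 2"
    elif [ "$1" != 2 ]; then
        echo "not requested: no effective -e 2 in the rule fragments"
    elif [ "$2" != 2 ]; then
        echo "not compiled: -e 2 is in the fragments but not in the compiled rules file"
    else
        echo "not loaded: compiled rules set -e 2 but kernel reports enabled ${3:-unknown}"
    fi
}

# Constructed sample data mirroring the post: a fragment containing "-e 2"
# and a status report that still says "enabled 1".
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/rules.d"
printf '%s\n' '-w /etc/passwd -p wa -k identity' > "$demo_dir/rules.d/50-local.rules"
printf '%s\n' '# lock the configuration' '-e 2' > "$demo_dir/rules.d/99-finalize.rules"
printf '%s\n' '-D' '-b 8192' '-w /etc/passwd -p wa -k identity' > "$demo_dir/audit.rules"
sample_status='enabled 1
loginuid_immutable 0 unlocked'

# On a live system (as root) the three inputs would be /etc/audit/rules.d/*.rules,
# /etc/audit/audit.rules (assumed path) and the output of `auditctl -s`.
frag=$(last_e_flag "$demo_dir"/rules.d/*.rules)
comp=$(last_e_flag "$demo_dir/audit.rules")
run=$(printf '%s\n' "$sample_status" | running_enabled)
immutable_verdict "$frag" "$comp" "$run"
rm -rf "$demo_dir"
```

With the constructed data the verdict is "not compiled", because the sample compiled file was written without the -e line while the fragment has it.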