I think your permissions are wrong. I'm running RHEL 6.5, but that
shouldn't make a difference.
Run these two commands as root (omit the hashes at the beginning):
# chown root:root /etc/audit/auditd.conf /etc/audit/audit.rules
# chmod 640 /etc/audit/auditd.conf /etc/audit/audit.rules
Hope this helps!
Tom Albrecht III, CISSP-ISSEP, GPEN
Alpine Cyber Solutions
On 09/05/2014 09:30 AM, Margaret M Sanders wrote:
Hello....I've been lurking around trying to pick up tidbits for Linux. I
actually have RHEL 5---but need some help w/ a problem regarding the auditing.
I used SECSCN to modify my audit.rules, following their instructions.
My auditd will not start. When I look at the messages, it tells me that
permissions are denied. The permissions for my auditd.conf and audit.rules are
rwx--r--r.
When I go to services and try to stop---stop is successful. But when I try to
start, start fails.
My run levels are 1-5 on.
What else am I missing? The auditd.conf is exactly the same as my auditd.conf
for my CentOS 6.2 which is right next to the RHEL 5. It works fine.
I'd appreciate either some help in the form of troubleshooting--or a link to the
"right" forum for this question.
Thank you,
M. Sanders
ISSO, SwRI
210-522-6862
--
SCAP Security Guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
