Hello, I've been tasked with fixing up an auditd policy but it's on a server that's actively being used and the policy installed was set immutable. I've tried searching and everyone recommends rebooting to escape immutable mode… But is there really no way to code up something that, as root, removes immutable mode without a reboot? I find it pretty amazing nobody seems to have attempted to do this already.
- Disable auditd immutable mode without rebooting John Musbach
