On 11/20/2014 09:42 AM, leam hall wrote:
The RHEL 6 STIG says:
auditctl -l | grep syscall | grep chmod
Should return lines referring to chmod. Those lines are in my
audit.rules. Just doing an:
auditctl -l | grep syscall
Returns nothing. I've got no issues telling the STIG folks how to do
their work, but wanted to make sure I know what I'm talking about
first.
Am I missing something if there's no "syscall" line(s) returned?
Thanks!
Leam

The auditctl command returns the rules loaded into the kernel.
Looks to me as if you might not have a running auditd or else your rules
were not all successfully loaded.
This can happen if there was an error inside the ruleset and you didn't
have the "-c" or "-i" flag set to continue loading the rules.
Check your syslog for any errors on startup; also just auditctl -l and
compare the loaded rules against your file.
HTH,
LCB
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com
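
The comparison suggested in the reply (loaded rules against the rules file), as an added example that is not part of the thread or of the audit package: it lists syscalls named in a rules file that are absent from saved `auditctl -l` output. The function names and sample data are constructed, and the `syscall=` listing form is an assumption inferred from the STIG check's grep.

```shell
#!/bin/sh
# Added example (not from the thread): which syscalls named in the rules
# file are absent from the rules the kernel reports as loaded?
LC_ALL=C; export LC_ALL

# syscalls_in FILE: print each syscall named as "-S a,b" (rule syntax) or
# "syscall=a,b" (listing style assumed from the STIG's grep), sorted, unique.
syscalls_in() {
    sed 's/#.*//' "$1" | tr -s ' \t' '\n\n' | awk '
        prev == "-S" { print; prev = ""; next }
        /^-S./       { print substr($0, 3); next }
        /^syscall=/  { print substr($0, 9); next }
                     { prev = $0 }
    ' | tr ',' '\n' | sed '/^$/d' | sort -u
}

# missing_syscalls RULES_FILE LOADED_FILE: in the file but not loaded.
missing_syscalls() {
    want=$(mktemp) || return 1
    have=$(mktemp) || return 1
    syscalls_in "$1" > "$want"
    syscalls_in "$2" > "$have"
    comm -23 "$want" "$have"
    rm -f "$want" "$have"
}

# Constructed sample: the file has two rules, but only the first was loaded.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/audit.rules" <<'EOF'
# constructed rules file
-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=500 -k perm_mod
-a always,exit -F arch=b64 -S chown,fchown -F auid>=500 -k perm_mod
EOF
    cat > "$dir/loaded.txt" <<'EOF'
LIST_RULES: exit,always arch=3221225534 (0xc000003e) auid>=500 (0x1f4) key=perm_mod syscall=chmod,fchmod,fchmodat
EOF
    missing_syscalls "$dir/audit.rules" "$dir/loaded.txt"
    rm -rf "$dir"
}

# Real use: auditctl -l > loaded.txt; missing_syscalls /etc/audit/audit.rules loaded.txt
demo
```

Empty output means every syscall named in the file also appears in the loaded listing; it does not compare filters or keys.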