My audit install script installs your rules file with the -e 2
uncommented so I will have to adjust the script to account for this.
Thanks Steve
David Flatley CISSP
From: Steve Grubb <sgrubb(a)redhat.com>
To: linux-audit(a)redhat.com
Cc: David Flatley/Burlington/IBM@IBMUS
Date: 01/21/2010 04:50 PM
Subject: Re: How to learn the Message type?
On Thursday 21 January 2010 04:29:04 pm David Flatley wrote:
Auditd fails to start due to -D in the /etc/audit/audit.rules file on
two of my RHEL 5.3 systems.
I am using Steve Grubb's STIG audit.rules file. Did I miss something with 5.3??
The very last command in that file puts the audit system in immutable mode -
meaning you cannot change the rules without rebooting. Comment out that line
if you want to let any changes into the audit system at any time.
-Steve
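
An added example, not part of the thread or of anyone's install script: one way an install script could check a rules file for an active `-e 2` and stage a copy with the lock commented out while rules are still being tuned. The function names and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Helper names and the sample rules are constructed.

# Write a small constructed rules file that ends by locking the config.
make_sample() {
    cat > "$1" <<'EOF'
-D
-b 8192
-w /etc/shadow -p wa -k identity
-e 2
EOF
}

# Print the line number of every active (uncommented) "-e 2" line.
immutable_lines() {
    grep -nE '^[[:space:]]*-e[[:space:]]+2([[:space:]]|$)' "$1" | cut -d: -f1
}

# Print the line number of the last active command (a line starting with "-").
last_command_line() {
    grep -nE '^[[:space:]]*-' "$1" | tail -n 1 | cut -d: -f1
}

# Succeed if the file has no "-e 2", or exactly one that is the last command.
# Anything placed after the lock cannot be loaded until the next reboot.
check_lock_placement() {
    locks=$(immutable_lines "$1")
    [ -z "$locks" ] && return 0
    [ "$(printf '%s\n' "$locks" | wc -l)" -eq 1 ] || return 1
    [ "$locks" = "$(last_command_line "$1")" ]
}

# Copy SRC to DST with every active "-e 2" commented out, so the rules
# can still be reloaded (including the leading -D) without a reboot.
stage_without_lock() {
    sed -E 's/^([[:space:]]*)(-e[[:space:]]+2([[:space:]].*)?)$/\1#\2/' "$1" > "$2"
}
```

On a host that has already loaded `-e 2`, editing the file is not enough: the running kernel stays locked until it is rebooted.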