On Tuesday, March 22, 2016 12:55:25 PM Warron S French wrote:
> Does the "-e 2" have to be the last line of the audit.rules
> file?
Yes. Once it's sent to the kernel, the kernel rules tables are immutable.
> Does it have to be listed prior to all of the syscalls and watches
> configured in the file?
No. This will make it not load anything.
-Steve
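
An added example, not part of the original message: a small lint that checks where "-e 2" sits in an audit.rules file, following the placement described in the reply above. The function name check_audit_lock and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint an audit.rules file for the
# placement of "-e 2". Only the "-e 2" spelling used in the thread is matched.
#
# check_audit_lock FILE   (hypothetical helper name)
#   returns 0  "-e 2" is the last effective (non-blank, non-comment) line
#   returns 1  rule lines follow "-e 2"
#   returns 2  no "-e 2" line found
check_audit_lock() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        $1 == "-e" && $2 == "2" {                # remember the first lock line
            if (!lock) lock = NR
            next
        }
        lock {                                   # any rule after the lock line
            printf "line %d follows -e 2 (line %d): %s\n", NR, lock, $0
            late++
        }
        END {
            if (!lock) { print "no -e 2 line found"; exit 2 }
            if (late)  { exit 1 }
            printf "ok: -e 2 is the last rule (line %d)\n", lock
        }
    ' "$1"
}

# Constructed sample: "-e 2" placed ahead of a watch rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-D
-b 8192
-e 2
-w /etc/passwd -p wa -k identity
EOF
check_audit_lock "$sample" || echo "exit status: $?"
rm -f "$sample"
```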