Re: How to learn the Message type?
On Monday 25 January 2010 11:37:01 am David Flatley wrote:
Your audit.rules file for STIG compliance is mostly geared
towards RHEL
5 systems?
Yes.
When I try to run it on a RHEL 4 system it complains about the
filters (-k)
and other things.
Yes, there is that and the fact that directory auditing is not recursive and
you cannot write fancy rules that do file system watching without naming the
syscall. It may be possible to make some adjustments to the RHEL5 rules, but I
don't know if you would wind up with lots of unnecessary data as a result of
RHEL4's audit capabilities.
-Steve