On Thursday, November 20, 2014 10:42:04 AM leam hall wrote:
> The RHEL 6 STIG says:
> auditctl -l | grep syscall | grep chmod

This is a forensics check of the system. A configuration scan should do
cat /etc/audit/audit.rules

> Should return lines referring to chmod. Those lines are in my
> audit.rules. Just doing an:
> auditctl -l | grep syscall

The format of the output changed. But the STIG is not right for mixing a
forensics check with a configuration check. If you really needed to do a check
using auditctl, then use this:
auditctl -l | grep chmod
Just grep on the syscall and leave system out of it. You should have never
needed it unless
-Steve
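
The configuration check described above, written out as an added example (it is not part of the original message and is not STIG or audit project code). The function name `has_syscall_rule` and the sample rules are constructed for illustration; the check matches syscall names exactly, so a rule for `fchmod` alone is not counted as covering `chmod`, which a plain `grep chmod` would do.

```shell
#!/bin/sh
# has_syscall_rule FILE SYSCALL
# Exit 0 if an active (uncommented) rule in FILE names SYSCALL in a -S option.
# Accepts "-S chmod", "-Schmod", "-S chmod,fchmod" and repeated -S options.
has_syscall_rule() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            for (i = 1; i <= NF; i++) {
                names = ""
                if ($i == "-S" && i < NF) {
                    names = $(i + 1)             # separate argument
                } else if ($i ~ /^-S./) {
                    names = substr($i, 3)        # attached argument
                }
                n = split(names, parts, ",")     # comma-separated syscall list
                for (j = 1; j <= n; j++)
                    if (parts[j] == want) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample rules file, not taken from any real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# permission modification rules (sample)
-a always,exit -F arch=b64 -S fchmod -S fchmodat -F auid>=500 -k perm_mod
-a always,exit -F arch=b64 -S chown,fchown -F auid>=500 -k perm_mod
# -a always,exit -F arch=b64 -S chmod -F auid>=500 -k perm_mod
EOF

# chmod appears only in a commented-out rule, so it is reported as missing
# even though "grep chmod" on this file prints three lines.
for sc in chmod fchmod chown; do
    if has_syscall_rule "$sample" "$sc"; then
        echo "$sc: rule present"
    else
        echo "$sc: MISSING"
    fi
done
rm -f "$sample"
```

To run the same test against the loaded rules instead of the file, save the output of `auditctl -l` to a file and pass that file as the first argument.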