Yes I have had to adjust
the rules file for RHEL 4. I have this running on several RHEL 4 systems
with no problems but this system is a server
running a database. I upped the priority
from 3 to 4 and increased the buffer from 8 to 12 megs. I will recheck
for the -F.
Thanks.
D Flatley
From:
Steve Grubb <sgrubb@redhat.com>
To:
linux-audit@redhat.com
Cc:
David Flatley/Burlington/IBM@IBMUS
Date:
05/05/2011 08:48 AM
Subject:
Re: Audit slowing system.
On Wednesday, May 04, 2011 03:41:09 PM David Flatley
wrote:
> RHEL 4.7 system running Steve Grubb's STIG compliant
audit.rules file.
> System seems to be struggling to run audit. I run this
> config on several systems with no problems. Top does not show anything
> that indicates a problem, no directories filling. Any
> suggestions on settings to change? It is a 64 bit system with the
32 bit
> rules commented out in the rules file.
Are you getting lots of audit events logged? If so, that might point towards
a rule
that might need adjusting. Also, stig rules were never shipped (or tested)
on RHEL4.
So, I don't know which ones you are using. If the rules do not explicitly
add the -F
arch=b64 on the 64 bit rules, that would cause problems.