Re: Question about updating audit.rules
On Wednesday, June 22, 2016 07:56:23 PM warron.french wrote:
I am writing puppet modules for work now. I am writing a module
specifically oriented around audit for Linux and Solaris.
But I would like to know is after updating audit.rules in Linux with
immutable mode turned on; is a restart of the audit process actually
required for the rules to take effect.
In immutable mode, a REBOOT is required to reload audit rules. In immutable
mode, the rules are locked into the kernel. So, the kernel needs restarting.
-Steve