Sorry if this is a novice question, but in trying to gather up as much information on auditd I came across the Suse SLED 10/11 audit guides.

 

They reference setting a line in /etc/sysconfig/auditd to “auditd_disable_contexts=0”.  That line doesn’t exist in my default /etc/sysconfig/auditd file on RHEL5.

 

I saw a past mailing list thread from Dec. 11 2006 where Steve said it didn’t exist…so I’m a little confused.  Is this a SLED-thing only?  Was it ever part of the default auditd?  Is it safe to ignore this?  If it can be ignored, what functionality superseded it or delivered the same results in the first place?

 

Thanks in advance.

 

Aaron


The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.