There is a different default setting between RHEL6 and 7. See /etc/default/auditd, which I think
has a parameter that controls the use of /etc/audit/rules.d.
On Apr 12, 2017, 7:19 AM, at 7:19 AM, "warron.french" <warron.french(a)gmail.com> wrote:
It appears that this directory is not used at all on RHEL6.
I know I have mentioned this before; but it's true. If I *move* my copy of
audit.rules from /etc/audit into the subdirectory rules.d and restart
audit; the audit.rules file is not recopied/regenerated or whatever by the
auditd.
This behavior is different from RHEL7; where if you delete the
/etc/audit/audit.rules file or move it to /etc/audit/rules.d/audit.rules;
the auditd functions as I expect.
Can someone please correct my understanding? Is the /etc/audit/rules.d
directory not supposed to be usable in RHEL6; but is in RHEL7?
--------------------------
Warron French