Yes I have had to adjust the rules file for RHEL 4. I have this
running on several RHEL 4 systems with no problems but this system is a
server
running a database. I upped the priority from 3 to 4 and increased the
buffer from 8 to 12 megs. I will recheck for the -F.
Thanks.
D Flatley
From:
Steve Grubb <sgrubb(a)redhat.com>
To:
linux-audit(a)redhat.com
Cc:
David Flatley/Burlington/IBM@IBMUS
Date:
05/05/2011 08:48 AM
Subject:
Re: Audit slowing system.
On Wednesday, May 04, 2011 03:41:09 PM David Flatley wrote:
RHEL 4.7 system running Steve Grubb's STIG compliant
audit.rules
file.
System seems to be struggling to run audit. I run this
config on several systems with no problems. Top does not show anything
that indicates a problem, no directories filling. Any
suggestions on settings to change? It is a 64 bit system with the 32 bit
rules commented out in the rules file.
Are you getting lots of audit events logged? If so, that might point
towards a rule
that might need adjusting. Also, stig rules were never shipped (or tested)
on RHEL4.
So, I don't know which ones you are using. If the rules do not explicitly
add the -F
arch=b64 on the 64 bit rules, that would cause problems.
-Steve