Ansible is the standard on RHEL 7 now. You can also look for Chef.
From: warron.french <warron.french(a)gmail.com>
To: Steve Grubb <sgrubb(a)redhat.com>
Cc: linux-audit(a)redhat.com
Sent: Friday, August 4, 2017 4:11 PM
Subject: Re: Stop/Disable AUDITD on RHEL7
Hello Steve, I am not running Puppet on this system, specifically because it is to be
built as my newer RH Satellite 6.2.10 server.
The flush variable has been set to data.
I am using an image built by a coworker, but as I said we are not running Puppet on this
particular host - guaranteed. What other sort of systems management tools can I check
for?
--------------------------
Warron French
On Fri, Aug 4, 2017 at 3:31 PM, Steve Grubb <sgrubb(a)redhat.com> wrote:
> On Thursday, August 3, 2017 5:12:39 PM EDT warron.french wrote:
> > I am running RHEL 7 Server so that I can also run Red Hat Satellite.
> > I seem to be having resource contention problems and auditd is a part of
> > the problem consuming up to 22.0% according to results of the *top* command.
>
> I'd be curious what the flush technique is in auditd.conf.
>
> > I have:
> > 1. executed a *systemctl disable auditd; systemctl stop auditd* (with
> > an error about dependencies)
>
> "service auditd stop" is the correct way to stop auditd.
>
> > 2. executed a *service auditd stop* (and the service stops but
> > doesn't remain stopped).
>
> Do you have some systems management software that is sneaking in behind you
> and modifying settings and starting it?
>
> > 3. Rebooting the machine after the *systemctl disable auditd* also
> > didn't have any effect.
>
> It should. I don't know how else it could get re-enabled without some systems
> management software also configuring it when you're not looking.
>
> -Steve
>
> > I did set -e 1 in the audit.rules file so that I could stop the auditd on
> > my demand, but the service restarts anyway.
> > Thanks for your help in advance.
> > --------------------------
> > Warron French
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
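
The three settings this thread turns on (the flush value in auditd.conf, the -e flag in audit.rules, and a refused "systemctl stop") can be read without changing anything on the host. The script below is an added example, not part of the original messages: the function names, the default RHEL 7 paths, and the idea of checking the unit file for systemd's RefuseManualStop option are assumptions of this example, and the sample files in demo() are constructed.

```bash
# Read-only checks for the settings discussed in this thread (added example).
# Default paths are the usual RHEL 7 locations (assumption).

# Print the last value assigned to <key> in an auditd.conf-style file.
auditd_conf_get() {   # usage: auditd_conf_get <file> <key>
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t\r]/, "", k) }
        tolower(k) == tolower(key) { val = $2; gsub(/[ \t\r]/, "", val) }
        END { if (val != "") print val }' "$1"
}

# Print the argument of the last "-e N" line in an audit rules file.
audit_enabled_flag() {   # usage: audit_enabled_flag <rules-file>
    awk '$1 == "-e" { flag = $2 } END { if (flag != "") print flag }' "$1"
}

# Succeed if the unit sets RefuseManualStop=yes (systemd then refuses a manual stop).
unit_refuses_manual_stop() {   # usage: unit_refuses_manual_stop <unit-file>
    grep -Eiq '^[[:space:]]*RefuseManualStop[[:space:]]*=[[:space:]]*(yes|true|on|1)[[:space:]]*$' "$1"
}

auditd_triage() {   # usage: auditd_triage [auditd.conf] [audit.rules] [unit-file]
    t_conf=${1:-/etc/audit/auditd.conf}
    t_rules=${2:-/etc/audit/audit.rules}
    t_unit=${3:-/usr/lib/systemd/system/auditd.service}
    echo "flush=$(auditd_conf_get "$t_conf" flush) freq=$(auditd_conf_get "$t_conf" freq)"
    case "$(audit_enabled_flag "$t_rules")" in   # meanings per auditctl(8)
        0) echo "-e 0: auditing disabled" ;;
        1) echo "-e 1: auditing enabled" ;;
        2) echo "-e 2: auditing enabled, configuration locked until reboot" ;;
        *) echo "no -e line found" ;;
    esac
    if unit_refuses_manual_stop "$t_unit"; then
        echo "systemctl stop: refused by unit (RefuseManualStop)"
    else
        echo "systemctl stop: not refused by unit"
    fi
}

# Constructed sample files (not taken from the thread) for an offline run.
demo() {
    d=$(mktemp -d)
    printf 'flush = DATA\nfreq = 20\n' > "$d/auditd.conf"
    printf '%s\n' '-D' '-b 320' '-e 1' > "$d/audit.rules"
    printf '[Unit]\nRefuseManualStop=yes\n' > "$d/auditd.service"
    auditd_triage "$d/auditd.conf" "$d/audit.rules" "$d/auditd.service"
    rm -rf "$d"
}
```

Source the file and run demo for the constructed case, or auditd_triage with no arguments to read the default paths on a real host.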