Hello, I am required (by NISPOM) to audit access to security related files. I am essentially using the nispom audit.rules provided by rhel5 to accomplish this. However, some of my systems are capturing access to /etc/shadow and some of my systems are not (when looking in /var/log/audit/audit.log. Worried that I might have differing audit.rules files between the systems I have even copied the audit.rules file from systems that were auditing right to systems that were not. But this has not resolved the auditing problem. HELP! Thank you! Starr -- Linux-audit mailing list Linux-audit(a)redhat.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAksY65UACgkQyjMdFR1108DMmwCePtILlhUsKjwrEZQi2Dw2wwmt aJsAn3uJtMYXDzB/w2Pq6grvIuuQJ9gE =qFmA -----END PGP SIGNATURE-----