On Mon, 14 Feb 2005 14:32:36 CST, Kris Wilson said:

> I found that when I stop auditd, any existing audit rules still exist, but
> they are deleted when I restart using audit-0.6.2. Is this new behavior
> deliberate and preferred? Is there a new option to not delete rules on
> startup? All our tests are stopping and restarting auditd between
> assertions and cleaning out the log file to reduce clutter. We'll need to
> change the tests if this will no longer work. If users have a lot of rules
> created but have to bring down auditd for some reason, won't this be a
> problem?

List the rules in /etc/audit.rules (new file added in 0.6.2)....