[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Removal of audit rules with audit start



On Mon, 14 Feb 2005 14:32:36 CST, Kris Wilson said:

> I found that when I stop auditd, any existing audit rules still exist, but
> they are
> deleted when I restart using audit-0.6.2.  Is this new behavior deliberate
> and
> preferred?  Is there a new option to not delete rules on startup?  All our
> tests
> are stopping and restarting auditd between assertions and cleaning out the
> log file to reduce clutter.  We'll need to change the tests if this will no
> longer
> work.  If users have a lot of rules created but have to bring down auditd
> for
> some reason, won't this be a problem?

List the rules in /etc/audit.rules (new file added in 0.6.2)....

Attachment: pgp00003.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]