How to learn the Message type?
David Flatley
dflatley at us.ibm.com
Fri Jan 22 13:48:33 UTC 2010
My audit install script installs your rules file with the -e 2
uncommented so I will have to adjust the script to account for this.
Thanks Steve
David Flatley CISSP
From: Steve Grubb <sgrubb at redhat.com>
To: linux-audit at redhat.com
Cc: David Flatley/Burlington/IBM at IBMUS
Date: 01/21/2010 04:50 PM
Subject: Re: How to learn the Message type?
On Thursday 21 January 2010 04:29:04 pm David Flatley wrote:
> Auditd fails to start due to -D in the /etc/audit/audit.rules file on
> two of my RHEL 5.3 systems.
> I am using Steve Grubb's STIG audit.rules file. Did I miss something with
> 5.3??
The very last command in that file puts the audit system in immutable mode
-
meaning you cannot change the rules without rebooting. Comment out that
line
if you want to let any changes into the audit system at any time.
-Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20100122/c5a4ef15/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20100122/c5a4ef15/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20100122/c5a4ef15/attachment-0001.gif>
More information about the Linux-audit
mailing list