STIG issue with auditctl -l
Steve Grubb
sgrubb at redhat.com
Thu Nov 20 16:10:55 UTC 2014
On Thursday, November 20, 2014 10:42:04 AM leam hall wrote:
> The RHEL 6 STIG says:
>
> auditctl -l | grep syscall | grep chmod
This is a forensics check of the system. A configuration scan should do
cat /etc/audit/audit.rules
> Should return lines referring to chmod. Those lines are in my
> audit.rules. Just doing an:
>
> auditctl -l | grep syscall
The format of the output changed. But the STIG is not right for mixing a
forensics check with a configuration check. If you really needed to do a check
using auditctl, then use this:
auditctl -l | grep chmod
Just grep on the syscall and leave system out of it. You should have never
needed it unless
-Steve
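
Added example, not part of the original message: a check that works on both `/etc/audit/audit.rules` and `auditctl -l` output regardless of listing style, and matches the syscall name exactly, so a rule covering only `fchmod` does not pass as `chmod`. The two listing styles it handles (`-S name,...` rule syntax and an older `syscall=name,...` listing) and the sample lines are assumptions constructed for illustration; `has_syscall_rule` and `check_chmod_audit` are hypothetical helper names.

```shell
#!/bin/sh
# has_syscall_rule SYSCALL
# Reads audit rule lines on stdin and succeeds if any rule names SYSCALL.
# Assumed listing styles:
#   rule syntax:   -a always,exit -F arch=b64 -S chmod,fchmod -k perm_mod
#   older listing: LIST_RULES: exit,always ... syscall=chmod,fchmod
has_syscall_rule() {
    awk -v want="$1" '
        /^[[:space:]]*#/ { next }                  # skip comment lines
        {
            for (i = 1; i <= NF; i++) {
                list = ""
                if ($i == "-S" && i < NF)    list = $(i + 1)      # -S chmod
                else if ($i ~ /^-S./)        list = substr($i, 3) # -Schmod
                else if ($i ~ /^syscall=/)   list = substr($i, 9) # older style
                if (list == "") continue
                n = split(list, names, ",")
                for (j = 1; j <= n; j++)
                    if (names[j] == want) found = 1  # exact name match only
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Configuration check (rules file) and forensic check (loaded rules), kept
# separate as the reply above recommends. auditctl needs root.
check_chmod_audit() {
    has_syscall_rule chmod < /etc/audit/audit.rules && echo "config: chmod audited"
    auditctl -l | has_syscall_rule chmod && echo "loaded: chmod audited"
}

# Constructed sample lines, not captured from a real system.
NEW_STYLE='-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=500 -k perm_mod'
OLD_STYLE='LIST_RULES: exit,always arch=3221225534 (0xc000003e) key=perm_mod syscall=chmod,fchmod'
ONLY_FCHMOD='-a always,exit -F arch=b64 -S fchmod -k perm_mod'

for sample in "$NEW_STYLE" "$OLD_STYLE" "$ONLY_FCHMOD"; do
    if printf '%s\n' "$sample" | has_syscall_rule chmod; then
        echo "chmod audited:     $sample"
    else
        echo "chmod NOT audited: $sample"
    fi
done
```

Run `check_chmod_audit` as root on the host being assessed; the loop at the end only exercises the constructed samples.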