Question about updating audit.rules
Steve Grubb
sgrubb at redhat.com
Thu Jun 23 03:16:54 UTC 2016
On Wednesday, June 22, 2016 07:56:23 PM warron.french wrote:
> I am writing puppet modules for work now. I am writing a module
> specifically oriented around audit for Linux and Solaris.
>
> But I would like to know is after updating audit.rules in Linux with
> immutable mode turned on; is a restart of the audit process actually
> required for the rules to take effect.
In immutable mode, a REBOOT is required to reload audit rules. In immutable
mode, the rules are locked into the kernel. So, the kernel needs restarting.
-Steve
More information about the Linux-audit
mailing list