<html><body>
<p>Hi,<br>
<br>
I found that when I stop auditd, any existing audit rules still exist, but they are<br>
deleted when I restart using audit-0.6.2. Is this new behavior deliberate and <br>
preferred? Is there a new option to not delete rules on startup? All our tests <br>
are stopping and restarting auditd between assertions and cleaning out the <br>
log file to reduce clutter. We'll need to change the tests if this will no longer <br>
work. If users have a lot of rules created but have to bring down auditd for <br>
some reason, won't this be a problem?<br>
<br>
Thanks!<br>
<br>
<br>
Kris Wilson<br>
Linux Security<br>
(512) 838-0126 T/L:678-0126<br>
krisw@us.ibm.com</body></html>