Removal of audit rules with audit start
Valdis.Kletnieks at vt.edu
Mon Feb 14 20:49:16 UTC 2005
On Mon, 14 Feb 2005 14:32:36 CST, Kris Wilson said:
> I found that when I stop auditd, any existing audit rules still exist, but
> they are deleted when I restart using audit-0.6.2. Is this new behavior
> deliberate and preferred? Is there a new option to not delete rules on
> startup? All our tests are stopping and restarting auditd between
> assertions and cleaning out the log file to reduce clutter. We'll need to
> change the tests if this will no longer work. If users have a lot of rules
> created but have to bring down auditd for some reason, won't this be a
> problem?
List the rules in /etc/audit.rules (new file added in 0.6.2)....