Status of /etc/audit/filter.conf
Bill Tangren
bjt at usno.navy.mil
Wed Apr 25 20:35:23 UTC 2007
Aaron Lippold wrote:
> Hello All,
>
> Silly question 1:
>
> I have a security checking script that is complaining that my system
> is not able to audit all discretionary access to control permission
> modifications.
>
> To verify this it is looking for /etc/audit/filter.conf
>
> Is this still the correct place to look on RHEL4/5? I'd assume not
> since I can't find a man page on audit-filter.conf anymore.
>
> Silly Question 2:
>
> If not, where and how would I add this feature to my audit configuration?
>
> Thanks,
>
> Aaron
The Linux SRR script you are referring to (GEN002800, I think) was broken as of
the January version of the SRR. They might have fixed it in the March version, I
don't know.
More information about the Linux-audit
mailing list