Audit not taking rules

Bo beowulfnewbee at gmail.com
Wed Jul 2 22:44:49 UTC 2008


I have a RHEL 4 install (update 5).
aureport seems to be working, and so does /var/log/audit/audit.log;
however, auditd does not take any of my watch rules:
[root@master ~]# service auditd restart
Stopping auditd:                                           [  OK  ]
Starting auditd:                                           [  OK  ]
Error sending watch insert request (Invalid argument)
There was an error in line 26 of /etc/audit.rules

When I do auditctl -l:
[root@master ~]# auditctl -l
No rules
File system watches not supported

Can anyone point me to a solution?
audit version 1.0.15
kernel 2.6.22.5

Here is my audit.rules:
## Remove any existing rules
-D

## Increase buffer size to handle the increased number of messages.
## Feel free to increase this if the machine panic's
-b 1024

## Set failure mode to panic
-f 2

-w /boot -p wa


More information about the Linux-audit mailing list