How to learn the Message type?
Steve Grubb
sgrubb at redhat.com
Thu Jan 21 21:49:21 UTC 2010
On Thursday 21 January 2010 04:29:04 pm David Flatley wrote:
> Auditd fails to start due to -D in the /etc/audit/audit.rules file on
> two of my RHEL 5.3 systems.
> I am using Steve Grubb's STIG audit.rules file. Did I miss something with
> 5.3??
The very last command in that file puts the audit system in immutable mode -
meaning you cannot change the rules without rebooting. Comment out that line
if you want to let any changes into the audit system at any time.
-Steve
More information about the Linux-audit
mailing list