Setting Audit Rules

Steve Grubb sgrubb at redhat.com
Mon Jul 25 19:06:26 UTC 2011


On Monday, July 25, 2011 02:27:33 PM Rye, Gene R. wrote:
> I am attempting to secure a RHEL 5 64bit system.  I am modifying the
> stig.rules file to use as the audit.rules file.  The NSA guide
> identifies some rules requiring the ARCH value to be either 64b or 32b.
> Some existing rules have both OS versions being audited.  Should I leave
> both available even though my system is 64b or should I only use the 64b
> options?

All 64 bit x86_64 systems have both a 64 and 32 bit interface. So, you want both. 32 bit systems don't, and you would only want 32 bit values for them.

-Steve
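
Added example, not part of the original post or of the audit package: a small checker that reads rules in audit.rules syntax and reports which rule keys lack a syscall rule for one of the two ABIs discussed above. It assumes that the b32 and b64 variants of a rule share the same `-k` key; the sample rules and key names are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample in audit.rules syntax (not a real system's file).
SAMPLE_RULES = """\
# time changes: both ABIs covered
-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
# hostname changes: 32-bit entry point left unaudited
-a always,exit -F arch=b64 -S sethostname -S setdomainname -k system-locale
# file watch: no syscall ABI involved
-w /etc/passwd -p wa -k identity
"""

def parse_syscall_rule(line):
    """Return (key, arch) for a syscall rule, or None for any other line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = shlex.split(line)
    if "-S" not in tokens:          # watches and control lines have no ABI
        return None
    key, arch = "(no key)", "unset"
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-k":
            key = tokens[i + 1]
        elif tok == "-F" and tokens[i + 1].startswith("arch="):
            arch = tokens[i + 1].split("=", 1)[1]
    return key, arch

def arch_coverage(rules_text):
    """Map each rule key to the set of arch values its syscall rules use."""
    coverage = defaultdict(set)
    for line in rules_text.splitlines():
        parsed = parse_syscall_rule(line)
        if parsed:
            key, arch = parsed
            coverage[key].add(arch)
    return dict(coverage)

def missing_abi(rules_text, required=("b32", "b64")):
    """Return {key: [missing arches]}; use required=("b32",) on 32-bit hosts."""
    gaps = {}
    for key, arches in arch_coverage(rules_text).items():
        missing = [a for a in required if a not in arches]
        if missing:
            gaps[key] = missing
    return gaps

if __name__ == "__main__":
    for key, missing in sorted(missing_abi(SAMPLE_RULES).items()):
        print(f"key {key!r}: no syscall rule for arch={','.join(missing)}")
```

Syscall names differ between the two ABIs (the sample's `stime` appears only in the b32 rule), which is why the check compares coverage per key rather than per syscall list.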



