STIG issue with auditctl -l

LC Bruzenak lenny at magitekltd.com
Thu Nov 20 15:52:51 UTC 2014


On 11/20/2014 09:42 AM, leam hall wrote:
> The RHEL 6 STIG says:
>
>   auditctl -l | grep syscall | grep chmod
>
> Should return lines referring to chmod. Those lines are in my
> audit.rules. Just doing an:
>
>   auditctl -l | grep syscall
>
> Returns nothing. I've got no issues telling the STIG folks how to do
> their work, but wanted to make sure I know what I'm talking about
> first.
>
> Am I missing something if there's no "syscall" line(s) returned?
>
> Thanks!
>
> Leam
>

The auditctl command returns the rules loaded into the kernel.
Looks to me as if you might not have a running auditd or else your rules
were not all successfully loaded.
This can happen if there was an error inside the ruleset and you didn't
have the "-c" or "-i" flag set to continue loading the rules.
Check your syslog for any errors on startup; also just auditctl -l and
compare the loaded rules against your file.

HTH,
LCB

-- 
LC (Lenny) Bruzenak
lenny at magitekltd.com
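
The comparison suggested in the reply above, as an added example that is not part of the original thread: it lists the syscalls named in a rules file that no loaded rule covers. The sample files are constructed, the function names are hypothetical, and the `syscall=name` listing form is an assumption based on the STIG check grepping for "syscall".

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep sort and comm on the same collation

# syscalls_in FILE: print each syscall name FILE's rules mention, one per line.
# Accepts "-S chmod,fchmod" (rule-file syntax) and "syscall=chmod,fchmod"
# (assumed listing form); comment lines are skipped.
syscalls_in() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE '(-S[[:space:]]+|syscall=)[A-Za-z0-9_,]+' |
        sed -E 's/^(-S[[:space:]]+|syscall=)//' |
        tr ',' '\n' | sort -u
}

# unloaded_syscalls RULES_FILE LOADED_LISTING: syscalls the rules file asks
# for that do not appear in the loaded listing.
unloaded_syscalls() {
    want=$(mktemp) have=$(mktemp)
    syscalls_in "$1" > "$want"
    syscalls_in "$2" > "$have"
    comm -23 "$want" "$have"
    rm -f "$want" "$have"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Constructed sample rules file.
cat > "$work/audit.rules" <<'EOF'
# constructed sample
-D
-b 320
-a always,exit -F arch=b64 -S chmod -S fchmod -k perm_mod
-a always,exit -F arch=b64 -S chown,lchown -k perm_mod
-w /etc/passwd -p wa -k identity
EOF

# Constructed sample of a listing where only the first rule was loaded.
# On a real host, as root: auditctl -l > "$work/loaded.txt"
cat > "$work/loaded.txt" <<'EOF'
-a always,exit -F arch=b64 -S chmod,fchmod -F key=perm_mod
EOF

unloaded_syscalls "$work/audit.rules" "$work/loaded.txt"   # prints chown, lchown
```

An empty result means every syscall in the file is covered by a loaded rule; watch rules (`-w`) are not compared.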

