Current Red Hat Kernels 2.6.18 & 2.6.32 not able to have non-existent files in audit.rules?
Steve Grubb
sgrubb at redhat.com
Tue Feb 2 19:03:53 UTC 2016
On Tue, 2 Feb 2016 12:05:38 -0500
leam hall <leamhall at gmail.com> wrote:
> Running into errors where we're pushing out a blanket audit.rules
> file and some servers don't have some of the files. I've seen the -i
> and -c suggestion for auditctl but wanted to confirm that that's the
> right choice. We need to ensure warnings don't choke auditd or make
> it skip other rules.
-c will make it continue but ultimately report failure.
-i will make it continue and pretend nothing is wrong.
Either could be correct depending on whether you want success or
failure final status.
-Steve
More information about the Linux-audit
mailing list