Current Red Hat Kernels 2.6.18 & 2.6.32 not able to have non-existent files in audit.rules?
leam hall
leamhall at gmail.com
Tue Feb 2 19:12:54 UTC 2016
Thanks Steve! In this case I think we want it to pretend nothing is wrong.
Sadly, that means other errors might get passed over so we have to watch
for those.
Leam
On Tue, Feb 2, 2016 at 2:03 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Tue, 2 Feb 2016 12:05:38 -0500
> leam hall <leamhall at gmail.com> wrote:
>
> > Running into errors where we're pushing out a blanket audit.rules
> > file and some servers don't have some of the files. I've seen the -i
> > and -c suggestion for auditctl but wanted to confirm that that's the
> > right choice. We need to ensure warnings don't choke auditd or make
> > it skip other rules.
>
> -c will make it continue but ultimately report failure.
> -i will make it continue and pretend nothing is wrong.
>
> Either could be correct depending on whether you want success or
> failure final status.
>
> -Steve
>
--
Mind on a Mission <http://leamhall.blogspot.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20160202/ed6cfbad/attachment.htm>
More information about the Linux-audit
mailing list