Question about updating audit.rules
Warron S French
warron.s.french at aero.org
Thu Jun 23 12:49:20 UTC 2016
Thanks Steve, that's what I thought. I just wanted to unclutter my memory and get it clear in my understanding.
I am moving on to another job, so I have decided to attempt to set up a more personal email (driven) account with the Linux Audit Mailing List.
I hope to engage the List from that newly associated account in the near future.
Thanks,
Warron French, MBA, SCSA
-----Original Message-----
From: linux-audit-bounces at redhat.com [mailto:linux-audit-bounces at redhat.com] On Behalf Of Steve Grubb
Sent: Wednesday, June 22, 2016 11:17 PM
To: linux-audit at redhat.com
Subject: Re: Question about updating audit.rules
On Wednesday, June 22, 2016 07:56:23 PM warron.french wrote:
> I am writing puppet modules for work now. I am writing a module
> specifically oriented around audit for Linux and Solaris.
>
> But I would like to know is after updating audit.rules in Linux with
> immutable mode turned on; is a restart of the audit process actually
> required for the rules to take effect.
In immutable mode, a REBOOT is required to reload audit rules. In immutable mode, the rules are locked into the kernel. So, the kernel needs restarting.
-Steve
--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list