rules.d on RHEL6
Simon Sekidde
ssekidde at redhat.com
Wed Apr 12 14:33:48 UTC 2017
----- Original Message -----
> From: "warron.french" <warron.french at gmail.com>
> To: linux-audit at redhat.com
> Sent: Wednesday, April 12, 2017 10:18:55 AM
> Subject: rules.d on RHEL6
>
> It appears that this directory is not used at all on RHEL6.
>
> I know I have mentioned this before; but it's true. If I move my copy of
> audit.rules from /etc/audit into the subdirectory rules.d and restart audit;
> the audit.rules file is not recopied/regenerated or whatever by the auditd.
>
> This behavior is different from RHEL7; where if you delete the
> /etc/audit/audit.rules file or move it to /etc/audit/rules.d/audit.rules;
> the auditd functions as I expect.
>
>
> Can someone please correct my understanding? Is the /etc/audit/rules.d
> directory not supposed to be usable in RHEL6; but is in RHEL7?
Its usable but you have to run
# augenrules --load
Note that this will overwrite /etc/audit/audit.rules
> --------------------------
> Warron French
>
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
--
Simon Sekidde * Red Hat, Inc. * Tyson's Corner, VA
Solution Architect, NA Public Sector
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
More information about the Linux-audit
mailing list