rules.d on RHEL6
Bond Masuda
bond.masuda at jlbond.com
Wed Apr 12 14:25:18 UTC 2017
There is a different default setting between rhel6 and 7. See /etc/default/auditd I think has a parameter that controls the use of /etc/audit/rules.d.
Sent from my mobile phone, please excuse the brevity.
On Apr 12, 2017, 7:19 AM, at 7:19 AM, "warron.french" <warron.french at gmail.com> wrote:
>It appears that this directory is not used at all on RHEL6.
>
>I know I have mentioned this before; but it's true. If I *move* my
>copy of
>audit.rules from /etc/audit into the subdirectory rules.d and restart
>audit; the audit.rules file is not recopied/regenerated or whatever by
>the
>auditd.
>
>This behavior is different from RHEL7; where if you delete the
>/etc/audit/audit.rules file or move it to
>/etc/audit/rules.d/audit.rules;
>the auditd functions as I expect.
>
>
>Can someone please correct my understanding? Is the /etc/audit/rules.d
>directory not supposed to be usable in RHEL6; but is in RHEL7?
>--------------------------
>Warron French
>
>
>------------------------------------------------------------------------
>
>--
>Linux-audit mailing list
>Linux-audit at redhat.com
>https://www.redhat.com/mailman/listinfo/linux-audit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20170412/e25a86f2/attachment.htm>
More information about the Linux-audit
mailing list