auditd rule error

Joshua Ammons Joshua.Ammons at walmart.com
Mon Jun 11 12:39:26 UTC 2018


On a server running RHEL 7.2 the audit rules fail to load due to an error on this rule:

-a always,exit -F arch=b64 -S setuid -F a0=0 -F exe=/usr/bin/su -F key=10.2.5.b-elevated-privs-session

From what I have found it seems "exe" may not be a valid field on this specific O.S. - is this correct? Does anyone have any recommendations on how to track elevated privileges for all RHEL 6/7 systems?

