auditd rules suggested by openscap fail

tlee
Posts: 5
Joined: 2017/10/03 20:23:54

Post by tlee » 2017/10/30 21:02:16

The following audit rules as suggested by openscap each fail with the following message when restarting auditd on CentOS release 6.9 (Final).

Does anyone know why this would be the case?

Error:

Starting auditd: [ OK ]
arch elf mapping not found
There was an error in line 18 of /etc/audit/audit.rules

Rules:

-a always,exit -F arch=b64 -S adjtimex -k audit_time_rules
-a always,exit -F arch=b64 -S settimeofday -k audit_time_rules
-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change

CarlRestor
Posts: 19
Joined: 2017/10/31 16:48:13

Re: auditd rules suggested by openscap fail

Post by CarlRestor » 2017/11/09 20:10:06

Not sure about these rules. Lemme do a little bit of researching and I'll get back to you on this. But others will guide you too. ;)
"Username" T. - Always Preferred
