auditd rules suggested by openscap fail
Posted: 2017/10/30 21:02:16
The following audit rules as suggested by openscap each fail with the following message when restarting auditd on CentOS release 6.9 (Final).
Does anyone know why this would be the case?
Error:
Starting auditd: [ OK ]
arch elf mapping not found
There was an error in line 18 of /etc/audit/audit.rules
Rules:
-a always,exit -F arch=b64 -S adjtimex -k audit_time_rules
-a always,exit -F arch=b64 -S settimeofday -k audit_time_rules
-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change