Hi,
We noticed that audit.rules is empty on CentOS 7, whereas it used to have some default rules on CentOS 6. We checked /sbin/augenrules, which copies audit rules from /etc/audit/rules.d/audit.rules to /etc/audit/audit.rules, which is almost the same as on CentOS 6.
Please help us understand where the rules are being picked up from when audit.rules is deployed empty on CentOS 7.
Regards,
Shagun
Audit.rules is empty by default on Centos 7
Re: Audit.rules is empty by default on Centos 7
My audit.rules file has the same rules in it on el7 that it does on el6 but has only 1 comment line vs 12 comments on el6.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Audit.rules is empty by default on Centos 7
But my /etc/audit/audit.rules file is empty on el7.
Re: Audit.rules is empty by default on Centos 7
I suspect that's due to something you did as I checked all my el7 systems and all /etc/audit/audit.rules files have 5 lines in them.
Re: Audit.rules is empty by default on Centos 7
On a CentOS 7.3 machine, after a fresh installation, I am getting an empty audit.rules file, but on CentOS 7.4 I see that rules are written in that file.
So I updated the audit package on the 7.3 machine and restarted the auditd service, but I am still getting the empty file.
Can you tell me how we can add the rules to that file, or whether anything has changed in the audit package?
Please help me understand where the rules are being picked up from.
Regards,
Shagun
Re: Audit.rules is empty by default on Centos 7
I'm pretty sure we've been through this already: CentOS 7.3 is not current, it is not supported. Update to the current version 7.4.
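A way to check the situation discussed in this thread, as an added example that is not from any of the posters: it counts the non-comment lines under rules.d and in the compiled audit.rules, so a compiled file that holds only comments can be told apart from one that holds rules. The function names and status strings are made up for this example, and the sample rule lines used to try it out are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are arguments so the functions
# can be pointed at /etc/audit or at a copy of it.

# Count lines that are real rules: neither blank nor '#' comments.
# Prints 0 when the file is missing or unreadable.
count_active_rules() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -Ecv '^[[:space:]]*(#|$)' "$1" || true
}

# Sum the active rules over every *.rules file in a rules.d directory,
# which is where augenrules takes its input from.
count_source_rules() {
    total=0
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        total=$((total + $(count_active_rules "$f")))
    done
    echo "$total"
}

# Classify the state: $1 = rules.d directory, $2 = compiled audit.rules.
audit_rules_status() {
    src=$(count_source_rules "$1")
    compiled=$(count_active_rules "$2")
    if [ "$compiled" -gt 0 ]; then
        echo "compiled-has-rules"        # audit.rules contains rules
    elif [ "$src" -gt 0 ]; then
        echo "sources-not-compiled"      # rules.d has rules, audit.rules does not
    else
        echo "no-rules-defined"          # only comments or nothing in both places
    fi
}

# Example call: sh check.sh /etc/audit/rules.d /etc/audit/audit.rules
if [ "$#" -eq 2 ]; then
    audit_rules_status "$1" "$2"
fi
```

On a live system, `auditctl -l` (run as root) lists the rules actually loaded in the kernel, and `augenrules --load` rebuilds audit.rules from rules.d and loads it.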