* Question about updating audit.rules
[not found] ` <CAJdJdQ=NayH8o4LxXgyL8k4VQ_aPYKC82hB987wEmU4TbF22+A@mail.gmail.com>
@ 2016-06-22 23:56 ` warron.french
2016-06-23 3:16 ` Steve Grubb
0 siblings, 1 reply; 3+ messages in thread
From: warron.french @ 2016-06-22 23:56 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 389 bytes --]
I am writing puppet modules for work now. I am writing a module
specifically oriented around audit for Linux and Solaris.
But I would like to know is after updating audit.rules in Linux with
immutable mode turned on; is a restart of the audit process actually
required for the rules to take effect.
I believe it always is, but I want to be certain.
Thanks,
\\Warron French from mobile
[-- Attachment #1.2: Type: text/html, Size: 456 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Question about updating audit.rules
2016-06-22 23:56 ` Question about updating audit.rules warron.french
@ 2016-06-23 3:16 ` Steve Grubb
2016-06-23 12:49 ` Warron S French
0 siblings, 1 reply; 3+ messages in thread
From: Steve Grubb @ 2016-06-23 3:16 UTC (permalink / raw)
To: linux-audit
On Wednesday, June 22, 2016 07:56:23 PM warron.french wrote:
> I am writing puppet modules for work now. I am writing a module
> specifically oriented around audit for Linux and Solaris.
>
> But I would like to know is after updating audit.rules in Linux with
> immutable mode turned on; is a restart of the audit process actually
> required for the rules to take effect.
In immutable mode, a REBOOT is required to reload audit rules. In immutable
mode, the rules are locked into the kernel. So, the kernel needs restarting.
-Steve
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: Question about updating audit.rules
2016-06-23 3:16 ` Steve Grubb
@ 2016-06-23 12:49 ` Warron S French
0 siblings, 0 replies; 3+ messages in thread
From: Warron S French @ 2016-06-23 12:49 UTC (permalink / raw)
To: Steve Grubb, linux-audit@redhat.com
Thanks Steve, that's what I thought. I just wanted to unclutter my memory and get it clear in my understanding.
I am moving on to another job, so I have decided to attempt to set up a more personal email (driven) account with the Linux Audit Mailing List.
I hope to engage the List from that newly associated account in the near future.
Thanks,
Warron French, MBA, SCSA
-----Original Message-----
From: linux-audit-bounces@redhat.com [mailto:linux-audit-bounces@redhat.com] On Behalf Of Steve Grubb
Sent: Wednesday, June 22, 2016 11:17 PM
To: linux-audit@redhat.com
Subject: Re: Question about updating audit.rules
On Wednesday, June 22, 2016 07:56:23 PM warron.french wrote:
> I am writing puppet modules for work now. I am writing a module
> specifically oriented around audit for Linux and Solaris.
>
> But I would like to know is after updating audit.rules in Linux with
> immutable mode turned on; is a restart of the audit process actually
> required for the rules to take effect.
In immutable mode, a REBOOT is required to reload audit rules. In immutable mode, the rules are locked into the kernel. So, the kernel needs restarting.
-Steve
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-06-23 12:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <CAJdJdQ=3p+ukfg6MguaBNiG69jq9fp3bK-VGEZ=Xbij=yKBpBg@mail.gmail.com>
[not found] ` <CAJdJdQkTHC=kz50Bww6beZy7_a6wzywDp3s3zkqHuV-FKao3rA@mail.gmail.com>
[not found] ` <CAJdJdQk_GAqyF1s0sB51TzkB7xypPSh-uKS-S2LcfmpxGwEhvg@mail.gmail.com>
[not found] ` <CAJdJdQ=RqBoHtiHdH4sKaWWzyq=c66qvaGuA3+tC1uGzuQ=mTg@mail.gmail.com>
[not found] ` <CAJdJdQ=NayH8o4LxXgyL8k4VQ_aPYKC82hB987wEmU4TbF22+A@mail.gmail.com>
2016-06-22 23:56 ` Question about updating audit.rules warron.french
2016-06-23 3:16 ` Steve Grubb
2016-06-23 12:49 ` Warron S French
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.