From: Steve Grubb
Subject: Re: adding rules after setting rules immutable
Date: Thu, 08 Sep 2016 09:52:32 -0400
Message-ID: <1606226.BHdsqEiX8T@x2>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Thursday, September 8, 2016 9:42:09 AM EDT warron.french wrote:
> While working with RHEL-6 and RHEL-7 systems, and understanding that you
> can set rules to immutable by adding *-e 2* to the end of the audit.rules
> file(s) I realized something.
>
> If I want to add rules to a system due to new IT Governance, I might have
> to reboot every machine that gets the newly added rules.

Yes, you need to reboot. This is what immutable means - no changes allowed
during runtime.

> Is this true, or can I get away with simply executing, on both versions of
> RHEL (6 and 7):
> augenrules --check
> augenrules --load

These will fail.

> I ask, because I want to write some puppet code that is smart enough to
> ensure the rules are put into place. Do I really have to reboot a server
> in the middle of a work day or can I work around it with the use of the
> *augenrules* commands as listed above?

This is what immutable does. If you need flexibility to change rules at will,
then you should comment out or delete the -e 2 at the end.

-Steve
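The practical consequence of the exchange above for configuration management is that a rule push has to know whether the host booted with `-e 2` before it runs `augenrules --load`, and schedule a reboot instead when it did. The following is an added example written for this page, not code from the thread or from the audit project: it reads the `enabled` field of `auditctl -s` (the older one-line `AUDIT_STATUS: enabled=2 ...` form and the newer one-field-per-line `enabled 2` form are both handled) and returns a distinct exit status for "load now", "reboot required" and "unknown". The function names and the sample status lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: decide whether a new audit rule
# set can be loaded live or whether the host must be rebooted, by reading the
# "enabled" field reported by `auditctl -s`. A value of 2 means the rules were
# locked with -e 2 (immutable), so augenrules --load would fail as Steve says.
# Function names are hypothetical; the two output formats handled are the
# older one-line "AUDIT_STATUS: enabled=2 ..." form and the newer
# one-field-per-line "enabled 2" form.

# Read `auditctl -s` output on stdin and print the enabled value (0, 1 or 2).
# Prints nothing if no enabled field is present.
audit_enabled_flag() {
    sed -n 's/.*enabled[ =]\([0-9]\).*/\1/p' | head -n 1
}

# Print the action a configuration-management run should take for a given
# enabled value. Exit status: 0 = safe to load rules now, 1 = reboot needed,
# 2 = state unknown (treat as "do not touch").
plan_rule_update() {
    case "$1" in
        2) echo "reboot-required: rules are immutable (-e 2), augenrules --load will fail"
           return 1 ;;
        0|1) echo "load-now: augenrules --check && augenrules --load"
           return 0 ;;
        *) echo "unknown: could not read audit enabled state" >&2
           return 2 ;;
    esac
}

# On a real host (needs root and the audit package) this is the whole check;
# a missing auditctl yields an empty flag and therefore the "unknown" path.
check_live_host() {
    auditctl -s 2>/dev/null | audit_enabled_flag | {
        read -r flag || flag=""
        plan_rule_update "$flag"
    }
}

# Constructed sample outputs, not captured from a real machine.
SAMPLE_OLD_IMMUTABLE='AUDIT_STATUS: enabled=2 flag=1 pid=842 rate_limit=0 backlog_limit=8192 lost=0 backlog=0'
SAMPLE_NEW_ACTIVE='enabled 1
failure 1
pid 842
rate_limit 0
backlog_limit 8192
lost 0
backlog 0'

# Demo on the constructed samples: the first is immutable, the second is not.
for sample in "$SAMPLE_OLD_IMMUTABLE" "$SAMPLE_NEW_ACTIVE"; do
    flag=$(printf '%s\n' "$sample" | audit_enabled_flag)
    plan_rule_update "$flag" || echo "  (exit status $?, skipping augenrules)"
done
```

In a Puppet or similar run, `check_live_host` is the gate: only exit status 0 should be followed by `augenrules --check && augenrules --load`; status 1 means the new rules file can be dropped into place but only takes effect after a reboot, and status 2 means the host state could not be read and nothing should be changed blindly.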