From: Steve Grubb
Subject: Re: Setting Audit Rules
Date: Mon, 25 Jul 2011 15:06:26 -0400
Message-ID: <201107251506.26786.sgrubb@redhat.com>
To: linux-audit@redhat.com
Cc: "Rye, Gene R."

On Monday, July 25, 2011 02:27:33 PM Rye, Gene R. wrote:
> I am attempting to secure a RHEL 5 64bit system. I am modifying the
> stig.rules file to use as the audit.rules file. The NSA guide
> identifies some rules requiring the ARCH value to be either 64b or 32b.
> Some existing rules have both OS versions being audited. Should I leave
> both available even though my system is 64b or should I only use the 64b
> options?

All 64 bit x86_64 systems have both a 64 and 32 bit interface. So, you want
both. 32 bit systems don't and you would only want 32 bit values for it.

-Steve
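
Added example, not part of the original message or of the audit project's code: a small checker that reads audit.rules text and reports rule keys covered for one ABI but not the other, which is the gap the reply above warns about on x86_64. The sample rules are constructed, and pairing rules by their `-k` key is an assumption of this sketch (syscall names differ between the two ABIs, so the `-S` lists cannot be compared directly).

```python
import shlex
from collections import defaultdict

# Constructed sample in audit.rules syntax (not taken from the thread).
SAMPLE_RULES = """\
# time changes: covered on both ABIs
-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
# permission changes: only the 64-bit ABI is covered
-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=500 -k perm_mod
# file watch: no arch field, so not a per-ABI syscall rule
-w /etc/passwd -p wa -k identity
"""


def parse_rule(line):
    """Return (arch, key) for a rule carrying -F arch=..., else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = shlex.split(line)
    arch = key = None
    for flag, value in zip(tokens, tokens[1:]):
        if flag == "-F" and value.startswith("arch="):
            arch = value.split("=", 1)[1]
        elif flag == "-F" and value.startswith("key="):
            key = value.split("=", 1)[1]
        elif flag == "-k":
            key = value
    if arch is None:
        return None
    return arch, key


def missing_abi_coverage(rules_text, abis=("b32", "b64")):
    """Map each rule key to the ABIs it has no rule for (assumed pairing by key)."""
    seen = defaultdict(set)
    for n, line in enumerate(rules_text.splitlines(), 1):
        parsed = parse_rule(line)
        if parsed:
            arch, key = parsed
            # Rules without a key cannot be paired, so each stands alone.
            seen[key or f"<no key, line {n}>"].add(arch)
    return {k: sorted(set(abis) - v) for k, v in seen.items() if set(abis) - v}


if __name__ == "__main__":
    for key, missing in missing_abi_coverage(SAMPLE_RULES).items():
        print(f"{key}: no rule for arch={','.join(missing)}")
```

On a 32 bit system, pass `abis=("b32",)` so that only the 32 bit rules are expected.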