On 11/20/2014 09:42 AM, leam hall wrote:
> The RHEL 6 STIG says:
>
> auditctl -l | grep syscall | grep chmod
>
> Should return lines referring to chmod. Those lines are in my
> audit.rules. Just doing an:
>
> auditctl -l | grep syscall
>
> Returns nothing. I've got no issues telling the STIG folks how to do
> their work, but wanted to make sure I know what I'm talking about
> first.
>
> Am I missing something if there's no "syscall" line(s) returned?
>
> Thanks!
>
> Leam
>

The auditctl command returns the rules loaded into the kernel. Looks to me as if you might not have a running auditd or else your rules were not all successfully loaded. This can happen if there was an error inside the ruleset and you didn't have the "-c" or "-i" flag set to continue loading the rules.

Check your syslog for any errors on startup; also just auditctl -l and compare the loaded rules against your file.

HTH,
LCB

--
LC (Lenny) Bruzenak
lenny@magitekltd.com
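
The comparison suggested in the reply above (loaded rules against the rules file), as an added example that is not part of the original thread: it lists syscalls that the rules file names with `-S` but a saved `auditctl -l` listing does not mention. The function names, the sample data and the assumption that a listing names syscalls either as `syscall=a,b` or as `-S a,b` are this example's own.

```shell
#!/bin/sh
# Added example: syscalls named in audit.rules that the loaded rule set lacks.

# syscalls_in_rules FILE: syscalls named by -S in a rules file (comments skipped).
syscalls_in_rules() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -o -e '[[:space:]]-S[[:space:]]*[A-Za-z0-9_,]*' |
        sed 's/^[[:space:]]*-S[[:space:]]*//' | tr ',' '\n' | grep -v '^$' | sort -u
}

# syscalls_loaded FILE: syscalls named in a saved `auditctl -l` listing.
# Assumption: the listing writes them as "syscall=a,b" or as "-S a,b".
syscalls_loaded() {
    {
        grep -o -e 'syscall=[A-Za-z0-9_,]*' "$1" | sed 's/^syscall=//'
        syscalls_in_rules "$1"
    } | tr ',' '\n' | grep -v '^$' | sort -u
}

# missing_syscalls RULES LISTING: syscalls in RULES that LISTING does not show.
missing_syscalls() {
    loaded=$(syscalls_loaded "$2")
    syscalls_in_rules "$1" | while read -r sc; do
        printf '%s\n' "$loaded" | grep -qxF -- "$sc" || printf '%s\n' "$sc"
    done
}

# demo: run the comparison on constructed sample data (not real system output).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/audit.rules" <<'EOF'
# constructed sample rules file
-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -k perm_mod
-a always,exit -F arch=b64 -S chown,fchown -k perm_mod
EOF
    # Constructed listing in which only the chown rule was loaded.
    cat > "$dir/loaded.txt" <<'EOF'
LIST_RULES: exit,always arch=3221225534 (0xc000003e) key=perm_mod syscall=chown,fchown
EOF
    missing_syscalls "$dir/audit.rules" "$dir/loaded.txt"
    rm -rf "$dir"
}

demo
```

On a live system, save the output of `auditctl -l` (run as root) to a file and pass it as the second argument, with the path to your audit.rules as the first.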