Thread: Linux Auditing Problems - log file getting large

View Single Post
  #6 (permalink)  
Old 17-05-2007, 09:03 PM
CrackerJack1618 CrackerJack1618 is offline
Junior Member
User
  
Join Date: May 2007
OS: Red Hat Enterprise Linux 4
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
CrackerJack1618 is on a distinguished road
Default
From # prompt, I did this and got the below messages:

auditctl -w /etc/auditd.conf -p wa
permission option no longer supported
error sending add rule request (invalid argument)

auditctl -w /etc/auditd.conf
error sending add rule request (invalid argument)

It won't let me add rules. The capp.rules file I found is full of the above commands for various security relevant files. Each line with -w or -p says invlaid argument when I restart AUDITD.

I restored the original audit.rules file 9whcih I saved) and did the above - No change.

audit.rules has these lines by default:
-D
-b 256

that's it.
Reply With Quote