Guide to the Secure Configuration of Red Hat Enterprise Linux 7
Make the auditd Configuration Immutable
An XCCDF Rule
Medium Severity
If the auditd daemon is configured to use the augenrules program to read audit rules during daemon startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d in order to make the auditd configuration immutable:

-e 2

If the auditd daemon is configured to use the auditctl utility to read audit rules during daemon startup, add the following line to the /etc/audit/audit.rules file in order to make the auditd configuration immutable:

-e 2

With this setting, a reboot will be required to change any audit rules.
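
A static check for this rule, as an added example that is not part of the guide: it reads the rule files named above and reports whether the configuration ends up requesting -e 2. The function names are hypothetical, and the script assumes that the last -e directive read is the one that takes effect and that shell glob order matches the order in which the .rules files are read.

```shell
#!/bin/sh
# Added example (not from the guide): static check for the "-e 2" audit lock.
# Assumption: the last "-e" directive read is the one that takes effect.

# Print the argument of the last "-e N" directive in the given files.
last_enable_flag() {
    awk '
        $1 ~ /^#/  { next }              # ignore comment lines
        $1 == "-e" { val = $2 }          # remember the most recent -e value
        END        { if (val != "") print val }
    ' "$@"
}

# Return 0 when the rules request immutable mode.
#   $1: rules.d directory (augenrules case), $2: audit.rules (auditctl case)
audit_is_immutable() {
    rules_dir=${1:-/etc/audit/rules.d}
    rules_file=${2:-/etc/audit/audit.rules}
    set -- "$rules_dir"/*.rules          # glob expands in sorted order
    if [ ! -e "$1" ]; then               # no .rules files: fall back to $2
        [ -r "$rules_file" ] || return 1
        set -- "$rules_file"
    fi
    [ "$(last_enable_flag "$@")" = "2" ]
}

# Constructed sample: two rule files, the lock placed in the last one.
demo=$(mktemp -d)
printf '%s\n' '-D' '-b 8192' > "$demo/10-base.rules"
printf '%s\n' '# lock the configuration' '-e 2' > "$demo/99-finalize.rules"
if audit_is_immutable "$demo" /nonexistent; then
    echo "immutable flag set"
else
    echo "immutable flag missing"
fi
rm -rf "$demo"
```

Called with no arguments, audit_is_immutable checks the two default paths from the rule text. On a running system, auditctl -s reports enabled 2 once the lock is active.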