On Tuesday, March 22, 2016 12:55:25 PM Warron S French wrote:
> Does the "-e 2" have to be the last line of the audit.rules file?

Yes. Once it's sent to the kernel, the kernel rules tables are immutable.


> Does it have to be listed prior to all of the syscalls and watches
> configured in the file?

No. This will make it not load anything.

-Steve

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
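
A check for the placement discussed in this thread, as an added example that is not part of the original message or of the audit project's code: the hypothetical function `check_lock_position` reports whether `-e 2` is the last effective line of a rules file. The sample files written by `make_samples` are constructed, and the check assumes the flag is written as two fields (`-e 2`).

```shell
#!/bin/sh
# Added example: lint an audit rules file for the placement of "-e 2".
# Exit status of check_lock_position:
#   0 = "-e 2" is the last effective line
#   1 = one or more lines follow "-e 2" (sent after the rules are locked)
#   2 = no "-e 2" line found
check_lock_position() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        locked { late++; printf "line %d follows -e 2: %s\n", NR, $0 }
        NF == 2 && $1 == "-e" && $2 == "2" { if (!locked) locked = NR }
        END {
            if (!locked) { print "no -e 2 line found"; exit 2 }
            if (late)    { exit 1 }
            printf "-e 2 is the last effective line (line %d)\n", locked
        }
    ' "$1"
}

# Constructed sample rule files (not taken from the thread).
make_samples() {
    dir=$(mktemp -d)
    # Lock placed last: everything before it is loaded first.
    printf '%s\n' '-D' '# watch account file' \
        '-w /etc/passwd -p wa -k identity' '' '-e 2' > "$dir/good.rules"
    # Lock placed first: the watch comes after the tables are immutable.
    printf '%s\n' '-D' '-e 2' \
        '-w /etc/passwd -p wa -k identity' > "$dir/early.rules"
    echo "$dir"
}

# Usage: check_lock_position /etc/audit/audit.rules
```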