Checking the auditctl level in RHEL_7
I have been following the STIG ID: RHEL-07-030010 and attempting to see if the value of "-f" is set to "2", which means the system is configured to panic (shut down) in the event of an auditing failure. When I run:
# sudo auditctl -l | grep /-f
Head output from audit.rules file shows -f 2.
## This file is automatically generated from /etc/audit/rules.d
-D
-b 16384
-f 2
-a exit,never -F dir=/home -k exclude
-a exclude,always -F msgtype=CWD
-a exclude,always -F msgtype=PATH
-a exit,never -F arch=b64 -S fork -F success=0 -F path=/usr/libexec/gvfs-udisks2-volume-monitor -F subj_type=initrc_t -F exit=-2
-w /etc/rsyslog.conf
-w /etc/rsyslog.d/
Just trying to confirm that the command provided to check the STIG might be wrong?
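An added example, not part of the original post: `auditctl -l` lists only the loaded rules, while the failure mode set by `-f` is a control value reported by `auditctl -s`, so this script reads the value from both the rules file and the status output. The function names and sample input are constructed for illustration, and the older `flag=` status format is an assumption about pre-RHEL 7 auditctl output.

```shell
#!/bin/sh
# Added example: read the audit failure mode (0=silent, 1=printk, 2=panic)
# from the rules file and from `auditctl -s` output.

# Print the value of the last "-f N" control line in an audit.rules file.
# awk compares case-sensitively, so "-F field=value" filters never match.
failure_mode_from_rules() {
    awk '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++)
              if ($i == "-f" && $(i + 1) ~ /^[0-2]$/) mode = $(i + 1) }
        END { if (mode == "") exit 1; print mode }
    ' "$1"
}

# Print the running value from `auditctl -s` output on stdin. Accepts the
# "failure 2" line form and the older one-line "flag=2" form (assumed).
failure_mode_from_status() {
    awk '
        $1 == "failure" && $2 ~ /^[0-2]$/ { mode = $2 }
        { for (i = 1; i <= NF; i++)
              if ($i ~ /^flag=[0-2]$/) mode = substr($i, 6) }
        END { if (mode == "") exit 1; print mode }
    '
}

# Succeed only when both the file and the running status report mode 2.
check_failure_mode() {
    cfg=$(failure_mode_from_rules "$1") || { echo "no -f line in $1"; return 2; }
    run=$(failure_mode_from_status < "$2") || { echo "no failure field"; return 2; }
    echo "configured=$cfg running=$run"
    [ "$cfg" = 2 ] && [ "$run" = 2 ]
}

# Constructed sample input (not captured from a real host).
demo=$(mktemp -d)
printf '%s\n' '## generated' '-D' '-b 16384' '-f 2' \
    '-a exit,never -F arch=b64 -S fork -F success=0 -F exit=-2' \
    '-w /etc/rsyslog.conf' > "$demo/audit.rules"
printf '%s\n' 'enabled 1' 'failure 2' 'pid 1042' 'backlog_limit 16384' \
    > "$demo/status.txt"
check_failure_mode "$demo/audit.rules" "$demo/status.txt"
# On a live system (as root): auditctl -s > status.txt, then pass
# /etc/audit/audit.rules as the first argument.
```

A mismatch between the two values means the rules file has not been loaded since it was last changed, or the running value was changed by hand.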
Responses