audit rules configured in RHEL 7 and 8 do not work in RHEL 6

Solution Verified - Updated -

Issue

  • We have this rules set up in the file audit.rules:
-w /usr/bin/chown -p x -k executionChown
-w /usr/bin/chmod -p x -k executionChmod
-a exit,never
-a user,never
-a exclude,never -F msgtype=avc
-a exclude,never -F msgtype=LOGIN
-a exclude,never -F msgtype=CRED_DISP
-a exclude,never -F msgtype=USER_END
-a exclude,never -F msgtype=USER_ACCT
-a exclude,never -F msgtype=CRED_ACQ
-a exclude,never -F msgtype=USER_START
-a exclude,never -F msgtype=CRED_REFR
-a exclude,never -F msgtype=USER_AUTH

But the audit.log does not show any logs after executing chmod/chown commands.

Environment

  • Red Hat Enterprise Linux 6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content