PLEASE HELP!! auditctl giving Invalid argument in redhat
hello
im running rhel 4 version 2.6.9-11.ELsmp trying to audit files. just installed and ran auditctl. when running this basic command: auditctl -w /home/TestFile.doc -k test-file -p rwxa i get the error: Error sending watch insert request (Invalid argument) i got the info above from: http://www.cyberciti.biz/tips/linux-...to-a-file.html they said the basic default /etc/audit.rules will work. please can you help. im sure its something straight forward thank you in advance :) |
Quote:
Code:
-w /etc -p wa -k CFG_etc |
TB0ne, thanks
i think its the kernel as i did the suggested and it still gave same issue? # to auditctl. # First rule - delete all -D # Increase the buffers to survive stress events # Make this bigger for busy systems -b 256 # Feel free to add below this line. See auditctl man page -w /etc -p wa -k CFG_etc Stopping auditd: [ OK ] Starting auditd: [ OK ] Error sending watch insert request (Invalid argument) There was an error in line 14 of /etc/audit.rules ive seen this on quite few forums. but as im no expert it might not be the kernel version...any idea? |
Quote:
That bug is normally seen due to a kernel bug, in earlier kernels (like yours). As I said, RHEL has support/patches/updates for your kernel, that you can get via the RedHat Network (since you're paying for RHEL). |
thanks for your help, im off to update my kernel...
|
All times are GMT -5. The time now is 02:49 AM. |