0

EDIT

This may be the result of an issue with the Arch package.

I am learning to use the linux audit system. Right now I have several rulesets in the /etc/audit/rules.d directory.

When I run

augenrules
auditctl -R /etc/audit/audit.rules

I get the message:

There was an error in line 5 of /etc/audit/audit.rules

However I do not know how to determine what that error is. Is it even possible for auditctl to report why it thinks there is an error?

Improve this question
3
  • 1) did you look at line 5? Does it make sense? 2) does man augenrules ; man autictl show you an option like --verbose (sometimes just -v). 3) Note the relatively low number of watchers for your tags. Try to find another 2 tags that appropriate with higher watchers. Maybe include a tag for your underlying OS (unix|linux (not both!) ). Commented Sep 11, 2024 at 23:54
  • I figured out the answer to the primary question, which is to run auditctl <the rule>. It should dump the reason for the error, but since auditctl 4.0.2 the arch package has a bug where it fails on any input and gives "there was an error while processing parameters". Commented Sep 12, 2024 at 1:51
  • Also thank you for the tip about the watchers. I didn't know about that. Commented Sep 12, 2024 at 1:53

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.