Red Hat Enterprise Linux 7
Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.
How to stop and disable auditd on RHEL 7?
Disable auditd temporarily (this will disable logging instantly but will not survive a reboot):
auditctl -e0
Disable auditd permanently (this will require a reboot):
systemctl disable auditd
Verification:
[root@dhcp182-79 ~]# auditctl -s
enabled 0 # <----- this means that auditd logging is disabled
failure 1
pid 478
rate_limit 0
backlog_limit 64
lost 0
backlog 0
loginuid_immutable 0 unlocked
man auditd
(...)
-e [0..2]
Set enabled flag. When 0 is passed, this can be used to temporarily disable
auditing. When 1 is passed as an argument, it will enable auditing. To lock the
audit configuration so that it can't be changed, pass a 2 as the argument. Lock‐
ing the configuration is intended to be the last command in audit.rules for any‐
one wishing this feature to be active. Any attempt to change the configuration
in this mode will be audited and denied. The configuration can only be changed
by rebooting the machine.
Article Number: 632
Posted: Tue, Aug 6, 2019 3:23 PM
Last Updated: Tue, Aug 6, 2019 3:23 PM
Online URL: http://kb.ictbanking.net/article.php?id=632