Have users reload auditd after changing the config

Signed-off-by: Tim Smith <[email protected]>
mondoohq · Nov 18, 2024 · ff06ab6 · ff06ab6
1 parent 225a130
commit ff06ab6
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/core/mondoo-linux-security.mql.yaml b/core/mondoo-linux-security.mql.yaml
@@ -1251,6 +1251,12 @@ queries:
         ```
         max_log_file = <MB>
         ```
+
+        Restart the service to load the new configuration values:
+
+        ```
+        service auditd reload
+        ```
   - uid: mondoo-linux-security-audit-logs-are-not-automatically-deleted
     title: Ensure audit logs are not automatically deleted
     impact: 40
@@ -1268,6 +1274,12 @@ queries:
         ```
         max_log_file_action = keep_logs
         ```
+
+        Restart the service to load the new configuration values:
+
+        ```
+        service auditd reload
+        ```
   - uid: mondoo-linux-security-system-is-disabled-when-audit-logs-are-full
     title: Ensure system is disabled when audit logs are full
     impact: 40
@@ -1293,6 +1305,12 @@ queries:
         action_mail_acct = root
         admin_space_left_action = halt
         ```
+
+        Restart the service to load the new configuration values:
+
+        ```
+        service auditd reload
+        ```
   - uid: mondoo-linux-security-changes-to-system-administration-scope-sudoers-is-collected
     title: Ensure changes to system administration scope (sudoers) is collected
     impact: 50