You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

Oracle Linux - auditd Rule Load Failure – Immutable Mode Enabled

edited May 6, 2025 7:42AM in Linux

Note!!Please register a free account to access the full content and also to participate in Q&A in the community”

APPLIES TO:
Oracle Cloud Infrastructure
Linux OS

SYMPTOMS

When attempting to load a new auditd rule, the following error appears:

#auditctl -w /tmp/test -p war -k monitor-test
The audit system is in immutable mode, no rule changes allowed

Checking existing rules shows no rules applied:

#auditctl -l
No rules

CAUSE
The audit system is in immutable mode.

This means audit rule changes are not allowed at runtime.

This is typically configured by setting the "-e 2" flag in one of the audit rule files under

Tagged:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!