---
id: RHEL-07-030423
status: implemented
tag: auditd
---

Rules are added to audit all ``open_by_handle_at`` syscalls on the system.

Deployers can opt out of this change by setting an Ansible variable:

.. code-block:: yaml

    security_rhel7_audit_open_by_handle_at: no

This rule is compatible with x86, x86_64, and ppc64 architectures.