RHEL 6 audit.rules question
Steve Grubb
sgrubb at redhat.com
Wed Jul 30 20:33:39 UTC 2014
On Wednesday, July 30, 2014 08:21:45 PM Dan White wrote:
> Does the system allow for the import/include of groups of rules in other
> files - like logrotate and /etc/logrotate.d/* ?
No, but in 2.3 and later there is a /etc/audit/rules.d/ directory where rules
can be dropped off. The augenrules utility will "compile" those into a master
audit.rules file. You also have to enable augenrules by setting
USE_AUGENRULES="yes" in /etc/sysconfig/audit. that is about as close as it
comes.
-Steve
More information about the Linux-audit
mailing list