Security audit rules

Richard Guy Briggs rgb at redhat.com
Tue Nov 19 22:32:43 UTC 2019


On 2019-11-08 12:52, Kadirvadivelu, Vezhavendan 1. (EXT - IN/Chennai) wrote:
> Hi,
> 
> In one of the VMs I find audit.rules defined under /etc/audit as well as /etc/audit/rules.d.
> 
> What is the significance as well as the difference between the files found in the 2 places?

You haven't said what distro you are using.  In more recent distros, the
rules in rules.d are used by augenrules to populate audit.rules,
overwriting them.

> Also please let me know what is the correct location where audit.rules needs to be placed.

Depends on your distro.

> Vezhavendan K

- RGB

--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
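
An added example, not part of the original message: since the reply notes that audit.rules is overwritten from rules.d on recent distros, this sketch lists rules present in the compiled audit.rules that no file under rules.d provides, which are the ones that would disappear on regeneration. The helper names are hypothetical, the default paths are the two locations named in the question, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not from the original thread).

# Drop comment and blank lines and collapse whitespace, so rules are
# compared by content rather than by layout.
normalize_rules() {
    sed -e '/^[[:space:]]*#/d' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$@"
}

# Print every rule in the compiled file that no rules.d/*.rules file
# provides, i.e. what is lost when audit.rules is regenerated from rules.d.
unmanaged_rules() {
    rules_file=${1:-/etc/audit/audit.rules}   # the two paths from the question
    rules_dir=${2:-/etc/audit/rules.d}
    tmp=$(mktemp) || return 2
    set -- "$rules_dir"/*.rules               # only *.rules files are compared
    if [ -e "$1" ]; then                      # glob matched at least one file
        normalize_rules "$@" | LC_ALL=C sort -u > "$tmp"
    fi
    normalize_rules "$rules_file" | LC_ALL=C sort -u | LC_ALL=C comm -23 - "$tmp"
    rm -f "$tmp"
}

# Constructed sample: audit.rules carries one hand-added watch on
# /etc/shadow that is missing from rules.d.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/rules.d"
    printf '%s\n' '-D' '-b 8192' > "$d/rules.d/10-base.rules"
    printf '%s\n' '-w /etc/passwd -p wa -k identity' \
        > "$d/rules.d/30-identity.rules"
    printf '%s\n' '## constructed sample' '-D' '-b 8192' \
        '-w /etc/passwd   -p wa -k identity' \
        '-w /etc/shadow -p wa -k identity' > "$d/audit.rules"
    unmanaged_rules "$d/audit.rules" "$d/rules.d"
    rm -rf "$d"
}

demo
```

Any line it prints should be moved into a file under rules.d if it is meant to persist.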




More information about the Linux-audit mailing list