RE: Security audit rules
Kadirvadivelu, Vezhavendan 1. (EXT - IN/Chennai)
Tuesday, 19 November
2019
Tue, 19 Nov
'19
10:36 p.m.
I am using RHEL7.6 version (Red Hat Enterprise Linux 7 (Maipo)).
Regards,
Vezhavendan K
-----Original Message-----
From: Richard Guy Briggs <rgb(a)redhat.com>
Sent: Wednesday, November 20, 2019 4:03 AM
To: Kadirvadivelu, Vezhavendan 1. (EXT - IN/Chennai)
<vezhavendan.1.kadirvadivelu.ext(a)nokia.com>
Cc: linux-audit(a)redhat.com
Subject: Re: Security audit rules
On 2019-11-08 12:52, Kadirvadivelu, Vezhavendan 1. (EXT - IN/Chennai) wrote:
Hi,
In one of the VM I find audit.rules defined under /etc/audit as well as
/etc/audit/rules.d.
What is the significance as well as difference between the files found in 2 places.
You haven't said what distro you are using. In more recent distros, the rules in
rules.d are used by augenrules to populate audit.rules, overwriting them.
Also please let me know what is the correct location where
audit.rules need to be places.
Depends on your distro.
Vezhavendan K
- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635