On 2019-11-08 12:52, Kadirvadivelu, Vezhavendan 1. (EXT - IN/Chennai) wrote:
> Hi,
> In one of the VMs I find audit.rules defined under /etc/audit as well as
> /etc/audit/rules.d.
> What is the significance as well as difference between the files found in 2 places?

You haven't said what distro you are using. In more recent distros, the
rules in rules.d are used by augenrules to populate audit.rules,
overwriting them.

> Also please let me know what is the correct location where
> audit.rules need to be placed.

Depends on your distro.

> Vezhavendan K
- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
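
An added example, not part of the original thread: a shell check for the overwrite behaviour described in the reply. It lists rule lines that exist only in audit.rules and in no rules.d/*.rules file, which are the lines lost when audit.rules is regenerated. The function names and the sample rule files are constructed for illustration, and the comparison is a simplified line-level diff, not augenrules' own logic.

```shell
#!/bin/sh
# Added example (not from the thread): find rules that live only in
# audit.rules and would vanish when it is regenerated from rules.d.

# Strip comments and blank lines, trim and squeeze whitespace so that
# formatting differences do not show up as drift.
normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^#/d' -e '/^$/d' "$@" | tr '\t' ' ' | tr -s ' '
}

# orphaned_rules RULES_D AUDIT_RULES  (hypothetical helper name)
# Prints each rule in AUDIT_RULES that no RULES_D/*.rules file contains.
orphaned_rules() {
    rules_d=$1
    audit_rules=$2
    src=$(mktemp)
    live=$(mktemp)
    cat "$rules_d"/*.rules 2>/dev/null | normalize | LC_ALL=C sort -u > "$src"
    normalize "$audit_rules" | LC_ALL=C sort -u > "$live"
    LC_ALL=C comm -13 "$src" "$live"   # lines unique to audit.rules
    rm -f "$src" "$live"
}

# Constructed sample: two rules.d fragments, plus an audit.rules that
# matches them except for one rule added by hand.
demo() {
    d=$(mktemp -d)
    mkdir "$d/rules.d"
    printf '%s\n' '-D' '-b 8192' > "$d/rules.d/10-base.rules"
    printf '%s\n' '# identity files' \
        '-w /etc/passwd -p wa -k identity' > "$d/rules.d/50-identity.rules"
    printf '%s\n' '## generated file (constructed header)' '-D' '-b 8192' \
        '-w /etc/passwd -p wa -k identity' \
        '-w /etc/sudoers -p wa -k hand_edit' > "$d/audit.rules"
    orphaned_rules "$d/rules.d" "$d/audit.rules"
    rm -rf "$d"
}

demo
```

On a real system the arguments would be /etc/audit/rules.d and /etc/audit/audit.rules; where augenrules is installed, `augenrules --check` reports whether audit.rules needs regenerating.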