two questions regarding default audit behavior
I have two questions regarding default audit behavior (i.e. auditd is running,
but there is nothing in audit.rules but "-D" and "-b 256"):
1) what is being audited?
2) can I use the -D command to prevent those things from being audited?
I am required to have auditing running, but what I need to audit is specific.
One server in particular is slow (a 750 MHz Pentium III) to start with, and
default auditing is slowing it down to a crawl.
Bill Tangren