Re: RHEL 6 audit.rules question
On Wednesday, July 30, 2014 08:21:45 PM Dan White wrote:
Does the system allow for the import/include of groups of rules in
other
files - like logrotate and /etc/logrotate.d/* ?
No, but in 2.3 and later there is a /etc/audit/rules.d/ directory where rules
can be dropped off. The augenrules utility will "compile" those into a master
audit.rules file. You also have to enable augenrules by setting
USE_AUGENRULES="yes" in /etc/sysconfig/audit. that is about as close as it
comes.
-Steve