Re: audit events w/o audit rules?

On Mon, 12 Mar 2018 11:55:32 -0700 Todd Heberlein <todd_heberlein(a)mac.com&gt; wrote: tps://www.redhat.com/mailman/listinfo/linux-audit There are hardwired events (events that show up no matter what the rules say) that come from things that are required. For example: logins, logouts, adding a user, deleting a user, changing a password, etc. These are usually documented in our STIG rules saying this requirement is met due to hardwired events. -Steve