perhaps obvious question: auditd and setuid/setgid?

John Jasen jjasen at gmail.com
Wed Sep 2 23:06:06 UTC 2015


I'm currently testing auditd with rules for setuid or setgid binaries on
the system.

I currently maintain the list via find, pushing the results to an
audit.rules file.

I'm hoping there's a cleaner way, perhaps by triggering on the
appropriate syscall -- but have not discovered it.

Is there an easier method?
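
The find-to-rules-file procedure described in the message above, as an added example that is not part of the original post: it enumerates setuid/setgid files and rewrites the rules file only when the list has changed. The function names, the key `setid-exec`, and the choice to skip paths containing whitespace are assumptions.

```shell
#!/bin/sh
# Added example: build auditd execution-watch rules for setuid/setgid files.

# gen_setid_rules ROOT [KEY]: print one rule per setuid/setgid file under ROOT.
gen_setid_rules() {
    root=${1:-/}
    key=${2:-setid-exec}          # hypothetical key name for ausearch -k
    # -xdev keeps find on one filesystem; match setuid (4000) or setgid (2000).
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    LC_ALL=C sort |
    while IFS= read -r f; do
        case $f in
            *[[:space:]]*)
                # Assumption: no quoting is attempted, so such paths are skipped.
                echo "skipping path with whitespace: $f" >&2
                continue ;;
        esac
        printf '%s\n' "-a always,exit -F path=$f -F perm=x -k $key"
    done
}

# write_rules ROOT OUTFILE: regenerate OUTFILE only when the rule set changed.
# Returns 0 if OUTFILE was (re)written, 1 if unchanged, 2 on error.
write_rules() {
    tmp=$(mktemp) || return 2
    gen_setid_rules "$1" > "$tmp"
    if [ -f "$2" ] && cmp -s "$tmp" "$2"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$2"
    return 0
}
```

A return status of 0 from `write_rules` is the signal that the audit rules need reloading, and also that a setuid/setgid file appeared or disappeared since the last run.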






More information about the Linux-audit mailing list