Security audit rules
Kadirvadivelu, Vezhavendan 1. (EXT - IN/Chennai)
vezhavendan.1.kadirvadivelu.ext at nokia.com
Wed Nov 20 04:36:38 UTC 2019
I am using RHEL7.6 version (Red Hat Enterprise Linux 7 (Maipo)).
Regards,
Vezhavendan K
-----Original Message-----
From: Richard Guy Briggs <rgb at redhat.com>
Sent: Wednesday, November 20, 2019 4:03 AM
To: Kadirvadivelu, Vezhavendan 1. (EXT - IN/Chennai) <vezhavendan.1.kadirvadivelu.ext at nokia.com>
Cc: linux-audit at redhat.com
Subject: Re: Security audit rules
On 2019-11-08 12:52, Kadirvadivelu, Vezhavendan 1. (EXT - IN/Chennai) wrote:
> Hi,
>
> In one of the VM I find audit.rules defined under /etc/audit as well as /etc/audit/rules.d.
>
> What is the significance as well as difference between the files found in 2 places.
You haven't said what distro you are using. In more recent distros, the rules in rules.d are used by augenrules to populate audit.rules, overwriting them.
> Also please let me know what is the correct location where audit.rules need to be places.
Depends on your distro.
> Vezhavendan K
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
More information about the Linux-audit
mailing list