AUGENRULES(8) - man page online | administration and privileged commands
A script that merges component audit rule files.
AUGENRULES:(8) System Administration Utilities AUGENRULES:(8)
NAMEaugenrules - a script that merges component audit rule files
SYNOPSISaugenrules [--check] [--load]
DESCRIPTIONaugenrules is a script that merges all component audit rules files, found in the audit rules directory, /etc/audit/rules.d, placing the merged file in /etc/audit/audit.rules. Component audit rule files, must end in .rules in order to be processed. All other files in /etc/audit/rules.d are ignored. The files are concatenated in order, based on their natural sort (see -v option of ls(1)) and stripped of empty and comment (#) lines. The last processed -D directive without an option, if present, is always emitted as the first line in the resultant file. Those with an option are replicated in place. The last processed -b directive, if present, is always emitted as the second line in the resultant file. The last processed -f directive, if present, is always emitted as the third line in the resultant file. The last processed -e directive, if present, is always emitted as the last line in the resultant file. The generated file is only copied to /etc/audit/audit.rules, if it differs.
OPTIONS--check test if rules have changed and need updating without overwriting audit.rules. --load load old or newly built rules into the kernel.
Red Hat Apr 2013 AUGENRULES:(8)
SEE ALSOaudit.rules(8), auditctl(8), auditd(8).
|This manual||Reference||Other manuals|
|refer to||auditctl(8) | auditd(8) | ls(1)|