1AUGENRULES:(8) System Administration Utilities AUGENRULES:(8)
2
3
4
6 augenrules - a script that merges component audit rule files
7
9 augenrules [--check] [--load]
10
12 augenrules is a script that merges all component audit rules files,
13 found in the audit rules directory, /etc/audit/rules.d, placing the
14 merged file in /etc/audit/audit.rules. Component audit rule files, must
15 end in .rules in order to be processed. All other files in
16 /etc/audit/rules.d are ignored.
17
18 The files are concatenated in order, based on their natural sort (see
19 -v option of ls(1)) and stripped of empty and comment (#) lines.
20
21 The last processed -D directive without an option, if present, is
22 always emitted as the first line in the resultant file. Those with an
23 option are replicated in place. The last processed -b directive, if
24 present, is always emitted as the second line in the resultant file.
25 The last processed -f directive, if present, is always emitted as the
26 third line in the resultant file. The last processed -e directive, if
27 present, is always emitted as the last line in the resultant file.
28
29 The generated file is only copied to /etc/audit/audit.rules, if it dif‐
30 fers.
31
33 --check
34 test if rules have changed and need updating without overwriting
35 audit.rules.
36
37 --load load old or newly built rules into the kernel.
38
39
41 /etc/audit/rules.d/ /etc/audit/audit.rules
42
44 audit.rules(7), auditctl(8), auditd(8).
45
46
47
48Red Hat Apr 2013 AUGENRULES:(8)