1AUGENRULES(8)           System Administration Utilities          AUGENRULES(8)
2
3
4

NAME

6       augenrules - a script that merges component audit rule files
7

SYNOPSIS

9       augenrules [--check] [--load]
10

DESCRIPTION

12       augenrules  is  a  script  that merges all component audit rules files,
13       found in the audit rules  directory,  /etc/audit/rules.d,  placing  the
14       merged file in /etc/audit/audit.rules. Component audit rule files, must
15       end in .rules in order to be processed. All  other  files  in  /etc/au‐
16       dit/rules.d are ignored.
17
18       The  files  are concatenated in order, based on their natural sort (see
19       -v option of ls(1)) and stripped of empty and comment (#) lines.
20
21       The last processed -D directive without an option, if present,  is  al‐
22       ways emitted as the first line in the resultant file. Those with an op‐
23       tion are replicated in place.  The  last  processed  -b  directive,  if
24       present,  is  always  emitted as the second line in the resultant file.
25       The last processed -f directive, if present, is always emitted  as  the
26       third  line in the resultant file.  The last processed -e directive, if
27       present, is always emitted as the last line in the resultant file.
28
29       The generated file is only copied to /etc/audit/audit.rules, if it dif‐
30       fers.
31

OPTIONS

33       --check
34              test if rules have changed and need updating without overwriting
35              audit.rules.
36
37       --load load old or newly built rules into the kernel.
38
39

FILES

41       /etc/audit/rules.d/ /etc/audit/audit.rules
42

SEE ALSO

44       audit.rules(7), auditctl(8), auditd(8).
45
46
47
48Red Hat                            Apr 2013                      AUGENRULES(8)
Impressum