.TH AUGENRULES: "8" "Apr 2013" "Red Hat" "System Administration Utilities"
augenrules \- a script that merges component audit rule files
.RI [ \-\-check ]\ [ \-\-load ]
\fBaugenrules\fP is a script that merges all component audit rules files,
found in the audit rules directory, \fI/etc/audit/rules.d\fP, placing the
merged file in \fI/etc/audit/audit.rules\fP. Component audit rule files, must
end in \fI.rules\fP in order to be processed. All other files in
\fI/etc/audit/rules.d\fP are ignored.
The files are concatenated in order, based on their natural sort (see -v option of ls(1)) and stripped of empty and comment (#) lines.
The last processed -\fID\fP directive without an option, if present, is always
emitted as the first line in the resultant file. Those with an option are
replicated in place.
The last processed -\fIb\fP directive, if present, is always
emitted as the second line in the resultant file.
The last processed -\fIf\fP directive, if present, is always
emitted as the third line in the resultant file.
The last processed -\fIe\fP directive, if present, is always
emitted as the last line in the resultant file.
The generated file is only copied to \fI/etc/audit/rules.d\fP, if it differs.
test if rules have changed and need updating without overwriting audit.rules.
load old or newly built rules into the kernel.
.SH "SEE ALSO"
.BR audit.rules (8),
.BR auditctl (8),
.BR auditd (8).