File: auditd.README.Debian

package info (click to toggle)
audit 1:2.8.5-3
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 6,392 kB
  • sloc: ansic: 55,468; sh: 4,848; python: 2,916; makefile: 1,443; sed: 32
file content (19 lines) | stat: -rw-r--r-- 762 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Generating audit.rules from rules located under /etc/audit/rules.d
------------------------------------------------------------------

The /etc/audit/audit.rules file can be generated using the augenrules(8)
executable. This action is performed automatically on each startup.

To disable it on a SysVinit system, edit /etc/default/auditd and set the
USE_AUGENRULES variable to "no".

On systemd based systems, you should create the following file with the
specified content and then call "systemctl daemon-reload":

  /etc/systemd/system/auditd.service.d/augenrules.conf:
    [Service]
    ExecStartPost=
    ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules

Check that the needed rules are present in /etc/audit/audit.rules before
restarting the daemon.