gentoo-overlay/sys-process/audit/files/audit.rules

25 lines
886 B
Plaintext

# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
#
# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.
# First rule - delete all
# This is to clear out old rules, so we don't append to them.
-D
# Feel free to add below this line. See auditctl man page
# The following rule would cause all of the syscalls listed to be ignored in logging.
# -a entry,never -S read -S write -S open -S fstat -S fstat64 -S mmap -S brk -S munmap -S _llseek -S nanosleep -S fcntl64 -S close -S dup2 -S rt_sigaction -S stat64 -S stat
# The following rule would cause the capture of all systems not caught above.
# -a entry,always -S all
# Increase the buffers to survive stress events
-b 256
# vim:ft=conf: