/usr/share/audit/sample-rules
## First rule - delete all -D ## Increase the buffers to survive stress events. ## Make this bigger for busy systems -b 8192 ## This determine how long to wait in burst of events --backlog_wait_time 60000 ## Set failure mode to syslog -f 1
.
Edit
..
Edit
10-base-config.rules
Edit
10-no-audit.rules
Edit
11-loginuid.rules
Edit
12-cont-fail.rules
Edit
12-ignore-error.rules
Edit
20-dont-audit.rules
Edit
21-no32bit.rules
Edit
22-ignore-chrony.rules
Edit
23-ignore-filesystems.rules
Edit
30-nispom.rules
Edit
30-ospp-v42-1-create-failed.rules
Edit
30-ospp-v42-1-create-success.rules
Edit
30-ospp-v42-2-modify-failed.rules
Edit
30-ospp-v42-2-modify-success.rules
Edit
30-ospp-v42-3-access-failed.rules
Edit
30-ospp-v42-3-access-success.rules
Edit
30-ospp-v42-4-delete-failed.rules
Edit
30-ospp-v42-4-delete-success.rules
Edit
30-ospp-v42-5-perm-change-failed.rules
Edit
30-ospp-v42-5-perm-change-success.rules
Edit
30-ospp-v42-6-owner-change-failed.rules
Edit
30-ospp-v42-6-owner-change-success.rules
Edit
30-ospp-v42.rules
Edit
30-pci-dss-v31.rules
Edit
30-stig.rules
Edit
31-privileged.rules
Edit
32-power-abuse.rules
Edit
40-local.rules
Edit
41-containers.rules
Edit
42-injection.rules
Edit
43-module-load.rules
Edit
44-installers.rules
Edit
70-einval.rules
Edit
71-networking.rules
Edit
99-finalize.rules
Edit
README-rules
Edit