1 .TH AUGENRULES: "8" "Apr 2013" "Red Hat" "System Administration Utilities"
3 augenrules \- a script that merges component audit rule files
6 .RI [ \-\-check ]\ [ \-\-load ]
8 \fBaugenrules\fP is a script that merges all component audit rules files,
9 found in the audit rules directory, \fI/etc/audit/rules.d\fP, placing the
10 merged file in \fI/etc/audit/audit.rules\fP. Component audit rule files, must
11 end in \fI.rules\fP in order to be processed. All other files in
12 \fI/etc/audit/rules.d\fP are ignored.
14 The files are concatenated in order, based on their natural sort (see -v option of ls(1)) and stripped of empty and comment (#) lines.
16 The last processed -\fID\fP directive without an option, if present, is always
17 emitted as the first line in the resultant file. Those with an option are
19 The last processed -\fIb\fP directive, if present, is always
20 emitted as the second line in the resultant file.
21 The last processed -\fIf\fP directive, if present, is always
22 emitted as the third line in the resultant file.
23 The last processed -\fIe\fP directive, if present, is always
24 emitted as the last line in the resultant file.
26 The generated file is only copied to \fI/etc/audit/audit.rules\fP, if it differs.
30 test if rules have changed and need updating without overwriting audit.rules.
33 load old or newly built rules into the kernel.
37 /etc/audit/audit.rules