augenrules(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | FILES | SEE ALSO | COLOPHON

AUGENRULES(8)        System Administration Utilities       AUGENRULES(8)

NAME         top

       augenrules - a script that merges component audit rule files

SYNOPSIS         top

       augenrules [--check] [--load]

DESCRIPTION         top

       augenrules is a script that merges all component audit rules
       files, found in the audit rules directory, /etc/audit/rules.d,
       placing the merged file in /etc/audit/audit.rules. Component
       audit rule files, must end in .rules in order to be processed.
       All other files in /etc/audit/rules.d are ignored.

       The files are concatenated in order, based on their natural sort
       (see -v option of ls(1)) and stripped of empty and comment (#)
       lines.

       The last processed -D directive without an option, if present, is
       always emitted as the first line in the resultant file. Those
       with an option are replicated in place.  The last processed -b
       directive, if present, is always emitted as the second line in
       the resultant file.  The last processed -f directive, if present,
       is always emitted as the third line in the resultant file.  The
       last processed -e directive, if present, is always emitted as the
       last line in the resultant file.

       The generated file is only copied to /etc/audit/audit.rules, if
       it differs.

OPTIONS         top

       --check
              test if rules have changed and need updating without
              overwriting audit.rules.

       --load load old or newly built rules into the kernel.

FILES         top

       /etc/audit/rules.d/ /etc/audit/audit.rules

SEE ALSO         top

       audit.rules(7), auditctl(8), auditd(8).

COLOPHON         top

       This page is part of the audit (Linux Audit) project.
       Information about the project can be found at 
       ⟨http://people.redhat.com/sgrubb/audit/⟩.  If you have a bug
       report for this manual page, send it to [email protected].
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/linux-audit/audit-userspace.git⟩ on
       2024-06-14.  (At that time, the date of the most recent commit
       that was found in the repository was 2024-06-12.)  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to [email protected]

Red Hat                         Apr 2013                   AUGENRULES(8)

Pages that refer to this page: auditd(8)