On Sunday, March 31, 2013 11:44:37 AM Burn Alting wrote:
> I've made some mods to auditctl to allow it to read a directory of 'rule
> files'. The idea is that within an enterprise, one would distribute a
> standard /etc/audit/audit.rules which can be updated from the corporate
> repository. Should a system require localized audit rules, then a
> directory containing files of rules can be maintained locally. The
> reasoning for a directory as opposed to just an additional file is to
> offer granularity of 'rule sets'.

See the previous email about SCAP limitations.

> I would like to know the convention for patching to this list. Should I
> git clone the svn repository then supply a git diff? Can I just provide
> an old-fashioned diff -rupN or C_ALL=C TZ=UTC0 diff -Naur?

As long as it can be applied with 'patch', I can figure out whether it's -p0 or
-p1. I generally go for the diff -urpN option. It probably doesn't need to be
mentioned, but I don't like patches (or sections of patches) that only add
formatting or white spaces to existing code.

Thanks,
-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
