Laurent, I think audit.rules should revert back to being installed to /etc/audit/audit.rules.
This way we maintain Steve's intent, that the use of augenrules and /etc/audit/rules.d is the result of a conscious decision by an administrator. IE no inadvertent overwriting of /etc/audit/audit.rules during an upgrade. Regards Burn Alting On Sun, 2013-05-05 at 11:43 +0200, Laurent Bigonville wrote: > Le Wed, 01 May 2013 10:29:07 -0400, > Steve Grubb <[email protected]> a écrit : > > > Hi, > Hello, > > [...] > > > > Several people have asked for a way to deposit rules into a directory > > so that based on what is installed, rules can also be added. This > > makes it easier to have a core system that gets packages, config, and > > files added to make it a different kind of server or desktop. My > > guess is that it will be mostly used to add watches on setuid apps > > which can differ from machine type to machine type. > > > > The place where these rules are stored is /etc/audit/rules.d. > > Compiling rules from that directory will result in a new file being > > written to /etc/audit/audit.rules. That means it can overwrite > > existing rules. Since we don't want that to happen by accident, > > augenrules is disabled by default. > [...] > > The make install rule is now installing audit.rules in > the /etc/audit/rules.d directory. > > What would happen on fresh installation if augenrules call is disabled > and that /etc/audit/audit.rules is not existing? > > Will /etc/audit/rules.d/audit.rules be called as a fallback? Or should > distributions take care of shipping both /etc/audit/audit.rules > and /etc/audit/rules.d/audit.rules? > > What do you think? > > Cheers > > Laurent Bigonville > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
