Hello, I was wondering, the currently proposed solution to compile the rules when using systemd (copying the .services into /etc by hand) seems pretty hackish to me. Wouldn't it be better if there was a 2nd systemd .service file dedicated to call augenrules, disabled by default and depending against the main auditd.service file?
This way the user could enable that new service instead of copying files by hand. This sounds better in distribution-wise and in cases changes are made to the .service file, the user will not be stuck with an old version in /etc. Any idea on this? Cheers Laurent Bigonville -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
