On Wed, 16 Sep 2015 09:56:58 +0200 Florian Crouzat <[email protected]> wrote: > I asked the same question in the "Watching over non-existent folder to > maintain a generic audit.rules file" thread but got different hints. > I've been directed to augenrules which could help but this doesn't > really match or facilitate my needs to replace my current FIM tool by > auditd which requires me to write a generic configuration with all > possibles folders (including applicative ones) and deploy accross all > hosts without knowing which host runs which app and/or contains which > folders.
That is not the intended way to use augenrules. The intention is to have a base set of rules that apply to everything. Then drop in rules that apply to that type of system. IOW, you would not put apache rules on your DNS system because that doesn't make sense. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
