On 2019-11-08 12:52, Kadirvadivelu, Vezhavendan 1. (EXT - IN/Chennai) wrote:
> Hi,
>
> In one of the VMs I find audit.rules defined under /etc/audit as well as
> /etc/audit/rules.d.
>
> What is the significance as well as difference between the files found in 2
> places?

You haven't said what distro you are using. In more recent distros, the
rules in rules.d are used by augenrules to populate audit.rules,
overwriting them.

> Also please let me know what is the correct location where audit.rules needs
> to be placed.

Depends on your distro.

> Vezhavendan K

- RGB

--
Richard Guy Briggs <[email protected]>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
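Because audit.rules is overwritten from rules.d on distros that use augenrules, a rule that was added by hand to audit.rules only is lost at the next regeneration. The script below is an added example, not part of the thread or of the audit project: it lists the rules in audit.rules that have no source under rules.d. The function names, the `.rules` file suffix and the sample rules are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find rules that exist only in
# audit.rules and so have no source file under rules.d.

# Print the rule lines of the given files, skipping comments and blank lines
# and squeezing whitespace so formatting differences are ignored.
normalize_rules() {
    awk '/^[ \t]*(#|$)/ { next } { $1 = $1; print }' "$@" | sort -u
}

# usage: unmanaged_rules [AUDIT_DIR]   (AUDIT_DIR defaults to /etc/audit)
# Prints each rule found in AUDIT_DIR/audit.rules but in no rules.d/*.rules.
unmanaged_rules() {
    dir=${1:-/etc/audit}
    [ -f "$dir/audit.rules" ] || return 0
    managed=$(mktemp) || return 1
    for f in "$dir"/rules.d/*.rules; do
        # The glob stays literal when nothing matches, so test each name.
        if [ -f "$f" ]; then normalize_rules "$f" >> "$managed"; fi
    done
    # grep exits 1 when nothing is left over; that is the "in sync" case.
    normalize_rules "$dir/audit.rules" | grep -Fxv -f "$managed" || true
    rm -f "$managed"
    return 0
}

# Constructed sample: one rules.d file plus an audit.rules that carries an
# extra, hand-added watch on /etc/shadow.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/rules.d"
    printf '%s\n' '-D' '-b 8192' \
        '-w /etc/passwd -p wa -k identity' > "$d/rules.d/10-base.rules"
    printf '%s\n' '## constructed sample' '-D' '-b  8192' \
        '-w /etc/passwd -p wa -k identity' \
        '-w /etc/shadow -p wa -k identity' > "$d/audit.rules"
    unmanaged_rules "$d"
    rm -rf "$d"
}

demo
```

Any line it prints should be moved into a file under rules.d before the rules are next regenerated; running `unmanaged_rules` with no argument checks /etc/audit and normally needs root to read it.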
