27 lines
1016 B
Groff
27 lines
1016 B
Groff
# Copyright 1999-2011 Gentoo Foundation
|
|
# Distributed under the terms of the GNU General Public License v2
|
|
# $Id$
|
|
#
|
|
# This file contains the auditctl rules that are loaded
|
|
# whenever the audit daemon is started via the initscripts.
|
|
# The rules are simply the parameters that would be passed
|
|
# to auditctl.
|
|
|
|
# First rule - delete all
|
|
# This is to clear out old rules, so we don't append to them.
|
|
-D
|
|
|
|
# Feel free to add below this line. See auditctl man page
|
|
|
|
# The following rule would cause all of the syscalls listed to be ignored in logging.
|
|
-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
|
|
-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
|
|
|
|
# The following rule would cause the capture of all systems not caught above.
|
|
# -a exit,always -S all
|
|
|
|
# Increase the buffers to survive stress events
|
|
-b 8192
|
|
|
|
# vim:ft=conf:
|