path: root/sys-process/audit/files/audit.rules-2.1.3
blob: 25dbedfd1df50f87b61ea9b1c0e4f67550db8b4f (plain)
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
#
# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.

# First rule - delete all
# This clears out any previously loaded rules, so the rules below replace
# them instead of being appended to them.
-D

# Feel free to add below this line. See the auditctl man page.
# NOTE(review): rule order matters. Rules on the same list are evaluated in
# order and the first match decides, so a rule added after the "never" rules
# below cannot log a syscall that those rules already exclude.

# The following two rules are active, not examples: they exclude the listed
# syscalls from audit logging, once for 32-bit (b32) and once for 64-bit
# (b64) callers.
# NOTE(review): because they are loaded first, they presumably also suppress
# records that a later file watch (-w) or syscall rule would otherwise emit
# for read/write/open/close/stat and the rest of the list. If file-access
# auditing is required, place those rules above these two or trim this list;
# verify against your audit policy.
-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat

# The following rule, if uncommented, would capture all syscalls not excluded
# above. It is disabled here; enabling it is likely to produce a very large
# volume of records, so size log storage and rotation first.
# -a exit,always -S all

# Increase the number of outstanding audit buffers the kernel may hold, so
# that events are less likely to be lost during bursts of activity.
-b 8192

# vim:ft=conf: