[Whonix-devel] Bug#833474: please use configuration folder /etc/audit/rules.d/ by default
Patrick Schleizer
adrelanos at riseup.net
Fri Aug 5 00:34:00 CEST 2016
Package: auditd
Severity: wishlist
X-Debbugs-CC: whonix-devel at whonix.org
Dear maintainer,
/lib/systemd/system/auditd.service it is currently using [relevant snippet]:
#####
[Service]
ExecStart=/sbin/auditd -n
## To use augenrules, copy this file to /etc/systemd/system/auditd.service
## and uncomment the next line and delete/comment out the auditctl line.
## Then copy existing rules to /etc/audit/rules.d/
## Not doing this last step can cause loss of existing rules
#ExecStartPost=-/sbin/augenrules --load
ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
#####
Could /etc/audit/rules.d/ be processed by default?
The following should work:
#####
[Service]
ExecStartPre=-/sbin/augenrules --load
ExecStart=/sbin/auditd -n
ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
#####
Cheers,
Patrick
More information about the Whonix-devel
mailing list