Closed nicutor closed 6 years ago
There are a couple of issues with Debian 9 / Ubuntu 18.04. The big issue is that auditd now compiles the rules in /etc/audit/rules.d to /etc/audit/audit.rules and any rules placed in /etc/audit/audit.rules directly will be overwritten. Previous versions had this behavior disabled in /etc/default/auditd - USE_AUGENRULES="no".
Another issue is that the example rulesets are now located in /usr/share/doc/auditd/examples/rules and have different names, e.g. the stig rules are now 30-stig.rules.gz.
Working on a fix.
Created PR #39 to address the first issue.
Hi,
The /etc/audit/audit.rules file is overridden on each run on Debian 9.
Can you please check and fix?
Thank you!
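
A check for the overwrite behaviour discussed in this thread, as an added example that is not code from the project or from anyone in the thread: it lists rule lines present in audit.rules that no file under rules.d supplies, which are the lines lost when audit.rules is regenerated. The function names and the sample tree are constructed for illustration; with no argument the check reads /etc/audit.

```shell
#!/bin/sh
# Added example (not the project's code). Prints rule lines found in
# DIR/audit.rules that no DIR/rules.d/*.rules file supplies.

# Drop comment and blank lines, collapse whitespace so lines compare exactly.
normalise_rules() {
    sed -e '/^[[:space:]]*#/d' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d'
}

orphaned_rules() {
    dir="${1:-/etc/audit}"
    tmp=$(mktemp) || return 2
    # Rules managed under rules.d (no files there yields an empty list).
    cat "$dir"/rules.d/*.rules 2>/dev/null | normalise_rules > "$tmp"
    # Lines of audit.rules not matched exactly by any managed rule.
    normalise_rules < "$dir/audit.rules" | grep -vxF -f "$tmp" || true
    rm -f "$tmp"
}

# Constructed sample tree, so the check can be tried without touching /etc/audit.
make_demo_tree() {
    d=$(mktemp -d) || return 2
    mkdir "$d/rules.d"
    printf '%s\n' '## base' '-D' '-b 8192' > "$d/rules.d/10-base.rules"
    printf '%s\n' '-w /etc/passwd -p wa -k identity' > "$d/rules.d/30-local.rules"
    # audit.rules carries one hand-added watch that rules.d does not have.
    printf '%s\n' '-D' '-b   8192' '-w /etc/passwd -p wa -k identity' \
        '-w /etc/sudoers -p wa -k scope' > "$d/audit.rules"
    echo "$d"
}
```

Any line it prints should be moved into a file under rules.d so that it survives the next regeneration.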