Quote:
Originally Posted by szboardstretcher
Anyone have a link to a 'standard' centos 7 audit.conf file?
If your definition of "vanilla" is package default then it's
Code:
]$ rpm -qf /etc/audit/auditd.conf --qf="... in the %{name} package\n"
or else if you mean compliance then the rule sets are in
Code:
]$ rpm -ql audit|grep '\.rule'
OK, so some rules you couldn't ever dream up, but rule sets are mostly common-sense things, which kind of shows as there's a lot of overlap between CAPP / LSPP / STIG. As with anything, just blindly activating a complete rule set isn't what you should do (it shouldn't work anyway because it'll b0rk on non-existent items); do tune it to the purpose(s) of the machine(s) or what compliance mandates.
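Added example, not part of the original post: a pre-load check that lists the watch targets in a rule set that do not exist on this host, so they can be tuned out before activation. It assumes the rules use the `-w PATH` and `-F path=PATH` / `-F dir=PATH` forms; the function name `missing_watch_targets` is made up for this example.

```shell
#!/bin/sh
# Added example: report audit rule targets that are absent on this machine.
# Usage: missing_watch_targets /path/to/some.rules
# Prints "LINE<TAB>PATH" per missing target; exit status 1 if any are missing.
missing_watch_targets() (
    # Body runs in a subshell, so set -f and the variables stay local.
    set -f                      # no globbing while splitting rule lines
    rules=$1
    lineno=0
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -- $line            # split the rule into words
        [ $# -eq 0 ] && continue
        case $1 in
            '#'*) continue ;;   # comment line
        esac
        prev=
        for word in "$@"; do
            target=
            case $prev in
                -w) target=$word ;;                 # file/directory watch
                -F) case $word in                   # syscall rule path filter
                        path=*|dir=*) target=${word#*=} ;;
                    esac ;;
            esac
            if [ -n "$target" ] && [ ! -e "$target" ]; then
                printf '%s\t%s\n' "$lineno" "$target"
                found=1
            fi
            prev=$word
        done
    done < "$rules"
    [ "$found" -eq 0 ]
)
```

Run it against each candidate rules file on the target machine and drop or adjust the reported lines before loading the set.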