Ubuntu
audit package

  1. Bug #1251795
  2. Comment #5

Comment 5 for bug 1251795

Revision history for this message
Tyler Hicks (tyhicks) wrote : Re: [Bug 1251795] Re: Please merge audit 1:2.3.2-2 (main) from Debian testing (main)

On 2013-11-18 10:33:34, James Page wrote:
> @Tyler
>
> Thanks for the merge; can I confirm what the intended behaviour is? My
> understanding from the changelog comment was that if I upgraded from the
> current version in trusty to this new version, then I would end up with
> audit.rules in /etc/audit/rules.d and USE_AUGENRULES="yes" in
> /etc/default/auditd.

Here's the relevant snippet from the changelog:

  When upgrading from a version without augenrules, check for a
  pre-existing rules directory (/etc/audit/rules.d/). If it exists and is
  populated with rules files, move /etc/audit/audit.rules to
  /etc/audit/rules.d/audit.rules and set USE_AUGENRULES to "yes".

So, you should only have audit.rules in rules.d/ and USE_AUGENRULES="yes" if
you already had a rules.d/ directory populated with rules files. The vast
majority of users will not have a rules.d/ directory and I suspect that is the
case with your system, too.