On 2013-11-18 10:33:34, James Page wrote:
> @Tyler
>
> Thanks for the merge; can I confirm what the intended behaviour is? My
> understanding from the changelog comment was that if I upgraded from the
> current version in trusty to this new version, then I would end up with
> audit.rules in /etc/audit/rules.d and USE_AUGENRULES="yes" in
> /etc/default/auditd.

Here's the relevant snippet from the changelog:

  When upgrading from a version without augenrules, check for a
  pre-existing rules directory (/etc/audit/rules.d/). If it exists and is
  populated with rules files, move /etc/audit/audit.rules to
  /etc/audit/rules.d/audit.rules and set USE_AUGENRULES to "yes".

So, you should only have audit.rules in rules.d/ and USE_AUGENRULES="yes" if
you already had a rules.d/ directory populated with rules files. The vast
majority of users will not have a rules.d/ directory and I suspect that is the
case with your system, too.
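
The upgrade check quoted from the changelog, sketched as an added example; it is not part of the original message and not the audit package's maintainer script. It assumes the caller has already established that the previous version lacked augenrules, that "populated" means at least one `*.rules` file, and that an existing rules.d/audit.rules must not be overwritten; the function name and the `ROOT` prefix argument are hypothetical.

```shell
#!/bin/sh
# Added illustration, not the audit package's maintainer script.
# ROOT is a hypothetical prefix so the logic can run against a scratch tree.
migrate_audit_rules() {
    root="${1:-}"
    rules="$root/etc/audit/audit.rules"
    rules_d="$root/etc/audit/rules.d"
    defaults="$root/etc/default/auditd"

    # No rules.d/ directory: the common case, nothing is touched.
    if [ ! -d "$rules_d" ]; then echo "unchanged"; return 0; fi

    # Assumption: "populated" means at least one regular *.rules file.
    populated=no
    for f in "$rules_d"/*.rules; do
        if [ -f "$f" ]; then populated=yes; break; fi
    done
    if [ "$populated" = no ]; then echo "unchanged"; return 0; fi

    # Assumption: never overwrite an existing rules.d/audit.rules.
    if [ -e "$rules_d/audit.rules" ]; then echo "conflict"; return 1; fi

    if [ -f "$rules" ]; then mv "$rules" "$rules_d/audit.rules"; fi

    # Set USE_AUGENRULES="yes", rewriting in place to keep the file's mode.
    if [ -f "$defaults" ] && grep -q '^USE_AUGENRULES=' "$defaults"; then
        tmp=$(mktemp)
        sed 's/^USE_AUGENRULES=.*/USE_AUGENRULES="yes"/' "$defaults" > "$tmp"
        cat "$tmp" > "$defaults"
        rm -f "$tmp"
    else
        mkdir -p "$(dirname "$defaults")"
        echo 'USE_AUGENRULES="yes"' >> "$defaults"
    fi
    echo "migrated"
}
```

Run it against a copy of /etc in a scratch directory to see which of the three outcomes (unchanged, migrated, conflict) a given host would get before upgrading.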