audit package has no rules
21 February 2019, 03:29:55

"Preconfigured Rules Files: In the /usr/share/doc/audit/rules/ directory, the audit package provides a set of pre-configured rules files according to various certification standards."
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-Defining_Audit_Rules_and_Controls#sec-Defining_Audit_Rules_and_Controls_in_the_audit.rules_file

Those files are in the rules dir in the top-level directory if you download the audit source tarball, but the Arch package doesn't install them. If you want to use audit rather than just install it as a dep, they are quite useful.
Re: audit package has no rules
Reply #1 – 21 February 2019, 11:35:52

Is this republished anywhere? This site is blackhole-listed by my routing. It is like anti-matter is hidden in such sites.
Re: audit package has no rules
Reply #2 – 21 February 2019, 14:34:54

The missing files also contain the explanation of how to use them in the README-rules in that same rules directory, plus the subject is mentioned in the auditd and augenrules man pages. Although the package is from Red Hat and part of their SELinux suite, it's more widely useful, as it is basically a configurable logging package that can monitor changes to files and directories and track processes, creating a searchable time-stamped log. The author is sympathetic towards non-systemd inits as well.

The Arch kernel was compiled without audit support until fairly recently. The efficient kernel-level monitoring is why it gets used as a dependency, for the libraries it provides to interface with that functionality.
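The rules files discussed above (the ones under rules/ in the audit source tree, or in /etc/audit/rules.d/ once copied there) use the auditctl line syntax. As an added example, not code from the thread or from the audit project, the script below summarises such a file before it is loaded and flags rules that have no -k key, since ausearch -k is how the resulting log is usually searched. The rules text is a constructed sample written in the style of the shipped files, and the helper names are this example's own.

```python
"""Review an auditd rules file (auditctl syntax, one rule per line)."""
import shlex

# Constructed sample in the style of the shipped rules files, not a real one.
SAMPLE_RULES = """\
# comments and blank lines are skipped by auditctl
-D
-b 8192
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/hosts -p wa
-a always,exit -F arch=b64 -S execve -F euid=0 -k rootcmd
-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -k access
-e 2
"""

def _tokenize(line):
    """Group one rule line into (option, [args]) pairs, e.g. ('-S', ['open,openat'])."""
    opts, tokens, i = [], shlex.split(line), 0
    while i < len(tokens):
        opt, args, i = tokens[i], [], i + 1
        while i < len(tokens) and not tokens[i].startswith("-"):
            args.append(tokens[i])   # option consumes tokens up to the next -x flag
            i += 1
        opts.append((opt, args))
    return opts

def parse_audit_rules(text):
    """Split rules text into watch rules (-w), syscall rules (-a/-A) and control lines."""
    result = {"watches": [], "syscalls": [], "control": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = _tokenize(line)
        flags = dict(opts)                      # last occurrence wins for -w/-p/-k
        key = flags.get("-k", [None])[0]
        if "-w" in flags:
            result["watches"].append({"path": flags["-w"][0],
                                      "perms": flags.get("-p", ["rwxa"])[0],  # auditctl default
                                      "key": key})
        elif "-a" in flags or "-A" in flags:
            result["syscalls"].append({
                "action": (flags.get("-a") or flags.get("-A"))[0],
                "syscalls": [s for o, a in opts if o == "-S" and a for s in a[0].split(",")],
                "filters": [a[0] for o, a in opts if o == "-F" and a],
                "key": key})
        else:
            result["control"].append(line)      # -D, -b, -f, -e and similar
    return result

def unkeyed_rules(parsed):
    """Watch and syscall rules without a -k key; their events are hard to find with ausearch -k."""
    return [r.get("path") or ",".join(r["syscalls"])
            for r in parsed["watches"] + parsed["syscalls"] if r["key"] is None]
```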