auditd (Linux Audit Daemon) rules aggregated on disk
via /etc/audit/audit.rules by default
Operating System
Use MQL in cnspec shell or policy:
auditd.rules
Min version: 9.0.0
Fields (4)
| Field | Type | Description |
|---|---|---|
| controls | []auditd.rule.control | all controls for auditd |
| files | []auditd.rule.file | all file rules |
| path | string | path to folder to look up rules |
| syscalls | []auditd.rule.syscall | all syscall rules |