auditd job from os-conf/22.0.0

Github source: ef7220d or master branch

Properties¶

rules¶

Array of auditd rules to add. Note that this job does not update rules after rules are installed for the first time. Removal of a job does not remove rules. For new rules to be applied you must force VM recreation. This behaviour is due to auditd going into its immutable state.

Default

[]

Example

- -a always,exit -F perm=x -F auid>=500 -F auid!=4294967295 -F path=/usr/bin/who -k
  privileged

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/auditd/ directory (learn more).

• bin/pre-start (from pre-start)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

This job relies on no runtime packages.