From mboxrd@z Thu Jan  1 00:00:00 1970
From: Laurent Bigonville <bigon@debian.org>
Subject: Re: audit.rules file [Was: audit 2.3 released]
Date: Mon, 6 May 2013 16:02:19 +0200
Message-ID: <20130506160219.76120932@soldur.bigon.be>
References: <3021693.HLtnhthvcE@x2> <20130505114357.7790a544@fornost.bigon.be>
	<6136940.FpU5ZKyNch@x2>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx14.extmail.prod.ext.phx2.redhat.com
	[10.5.110.19])
	by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id r46E2Wbh030933
	for <linux-audit@redhat.com>; Mon, 6 May 2013 10:02:32 -0400
Received: from anor.bigon.be (anor.bigon.be [91.121.173.99])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r46E2UW7001231
	for <linux-audit@redhat.com>; Mon, 6 May 2013 10:02:31 -0400
Received: from anor.bigon.be (localhost.localdomain [127.0.0.1])
	by anor.bigon.be (Postfix) with ESMTP id 52DFA1A072
	for <linux-audit@redhat.com>; Mon,  6 May 2013 16:02:30 +0200 (CEST)
Received: from anor.bigon.be ([127.0.0.1])
	by anor.bigon.be (anor.bigon.be [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id B8DHzFNfs6U0 for <linux-audit@redhat.com>;
	Mon,  6 May 2013 16:02:28 +0200 (CEST)
Received: from soldur.bigon.be (d54C6D43E.access.telenet.be [84.198.212.62])
	(using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(Client did not present a certificate) (Authenticated sender: bigon)
	by anor.bigon.be (Postfix) with ESMTPSA id A2F4A1A067
	for <linux-audit@redhat.com>; Mon,  6 May 2013 16:02:27 +0200 (CEST)
In-Reply-To: <6136940.FpU5ZKyNch@x2>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Le Mon, 06 May 2013 09:17:18 -0400,
Steve Grubb <sgrubb@redhat.com> a =E9crit :

> What I did in Fedora is to add a post install action like this:
> =

> %post
> # Copy default rules into place on new installation
> if [ ! -e /etc/audit/audit.rules ] ; then
>         cp /etc/audit/rules.d/audit.rules /etc/audit/audit.rules
> fi
> =

> This way if its a new install, you get a copy of the rules and if
> there are any previously existing rules, they are not overwritten.

Thanks, yes I figured that out too, I should probably not post emails
before my 1st cup of coffee on Sunday morning :)

Cheers

Laurent Bigonville