From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bill Tangren <bjt@aa.usno.navy.mil>
Subject: two questions regarding default audit behavior
Date: Wed, 17 Jan 2007 10:58:35 -0500
Message-ID: <45AE47AB.4090708@aa.usno.navy.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l0HFwagI012992
	for <linux-audit@redhat.com>; Wed, 17 Jan 2007 10:58:36 -0500
Received: from beatrix.usno.navy.mil (beatrix.usno.navy.mil [198.116.61.254])
	by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
	l0HFwZcm018799
	for <linux-audit@redhat.com>; Wed, 17 Jan 2007 10:58:35 -0500
Received: from [10.1.5.58] (mach2.usno.navy.mil [10.1.5.58])
	by aa.usno.navy.mil (Postfix) with ESMTP id 42EBB903ED
	for <linux-audit@redhat.com>; Wed, 17 Jan 2007 10:58:35 -0500 (EST)
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

I have two questions regarding default audit behavior (i.e. auditd is running, 
but there is nothing in audit.rules but "-D" and "-b 256"):

1) what is being audited?

2) can I use the -D command to prevent those things from being audited?

I am required to have auditing running, but what I need to audit is specific. 
One server in particular is slow (a 750 MHz Pentium III) to start with, and 
default auditing is slowing it down to a crawl.

Bill Tangren