PATH:
usr
/
share
/
doc
/
audit-2.8.5
/
rules
# This rule supresses events that originate on the below file systems. # Typically you would use this in conjunction with rules to monitor # kernel modules. The filesystem listed are known to cause hundreds of # path records during kernel module load. As an aside, if you do see the # tracefs or debugfs module load and this is a production system, you really # should look into why its getting loaded and prevent it if possible. -a never,filesystem -F fstype=tracefs -a never,filesystem -F fstype=debugfs
[-] README-rules
[edit]
[-] 30-stig.rules
[edit]
[-] 12-cont-fail.rules
[edit]
[-] 42-injection.rules
[edit]
[+]
..
[-] 10-no-audit.rules
[edit]
[-] 23-ignore-filesystems.rules
[edit]
[-] 22-ignore-chrony.rules
[edit]
[-] 70-einval.rules
[edit]
[-] 30-nispom.rules
[edit]
[-] 41-containers.rules
[edit]
[-] 40-local.rules
[edit]
[-] 43-module-load.rules
[edit]
[-] 32-power-abuse.rules
[edit]
[-] 21-no32bit.rules
[edit]
[-] 11-loginuid.rules
[edit]
[-] 20-dont-audit.rules
[edit]
[-] 12-ignore-error.rules
[edit]
[-] 71-networking.rules
[edit]
[-] 99-finalize.rules
[edit]
[-] 30-pci-dss-v31.rules
[edit]
[-] 10-base-config.rules
[edit]
[-] 31-privileged.rules
[edit]
[-] 30-ospp-v42.rules
[edit]