AUGENRULES:(8) System Administration Utilities AUGENRULES:(8)

NAME
augenrules - a script that merges component audit rule files

SYNOPSIS
augenrules [--check] [--load]

DESCRIPTION
augenrules is a script that merges all component audit rules files found in the audit rules directory, /etc/audit/rules.d, placing the
merged file in /etc/audit/audit.rules. Component audit rule files must end in .rules in order to be processed. All other files in
/etc/audit/rules.d are ignored.
The files are concatenated in order, based on their natural sort (see -v option of ls(1)) and stripped of empty and comment (#) lines.
The last processed -D directive without an option, if present, is always emitted as the first line in the resultant file. Those with an
option are replicated in place. The last processed -b directive, if present, is always emitted as the second line in the resultant file.
The last processed -f directive, if present, is always emitted as the third line in the resultant file. The last processed -e directive,
if present, is always emitted as the last line in the resultant file.
The generated file is only copied to /etc/audit/rules.d, if it differs.

OPTIONS
--check test if rules have changed and need updating without overwriting audit.rules.
--load load old or newly built rules into the kernel.
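
The merge order described above can be previewed without touching /etc/audit. The following is an added example, not part of the man page or of the augenrules script itself: it models only the rules stated in the description, and the function names, the temporary directory and the sample rule files are constructed for illustration. It assumes GNU ls for the -v natural sort.

```shell
#!/bin/sh
# merge_audit_rules DIR: print the merged rule set to stdout.
# Reads DIR only; nothing under /etc/audit is written.
merge_audit_rules() {
    dir=$1
    # ls -v gives the natural sort the man page refers to;
    # only names ending in .rules are processed.
    ls -v "$dir" | grep '\.rules$' | while IFS= read -r f; do
        cat "$dir/$f"
        echo    # guard against a file with no trailing newline
    done | awk '
        NF == 0 || $1 ~ /^#/   { next }          # strip empty and comment lines
        $1 == "-D" && NF == 1  { D = $0; next }  # bare -D: keep the last one seen
        $1 == "-b"             { b = $0; next }  # last -b wins
        $1 == "-f"             { f = $0; next }  # last -f wins
        $1 == "-e"             { e = $0; next }  # last -e wins
        { body[++n] = $0 }     # all else, including -D with an option, stays in place
        END {
            if (D != "") print D
            if (b != "") print b
            if (f != "") print f
            for (i = 1; i <= n; i++) print body[i]
            if (e != "") print e
        }'
}

# Constructed sample: three component files and one file that must be ignored.
demo_merge() {
    d=$(mktemp -d)
    printf '%s\n' '-D' '-b 8192' '-f 1' '-e 1' > "$d/10-base.rules"
    printf '%s\n' '# identity files' '' \
        '-w /etc/passwd -p wa -k identity' '-D -k stale' > "$d/9-identity.rules"
    printf '%s\n' '-b 16384' '-e 2' \
        '-w /etc/shadow -p wa -k identity' > "$d/99-finalize.rules"
    printf '%s\n' '-w /tmp -p wa -k ignored' > "$d/50-disabled.rules.bak"
    merge_audit_rules "$d"
    rm -rf "$d"
}

demo_merge
```

In the sample, 9-identity.rules is read before 10-base.rules because the sort is natural rather than lexical, and the -e 2 from 99-finalize.rules replaces the earlier -e 1 and is emitted last. The component file that sorts last therefore decides whether the loaded rule set ends up immutable.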

SEE ALSO
audit.rules(8), auditctl(8), auditd(8).

Red Hat Apr 2013 AUGENRULES:(8)

AUTRACE:(8) System Administration Utilities AUTRACE:(8)

NAME
autrace - a program similar to strace

SYNOPSIS
autrace program [-r] [program-args]...

DESCRIPTION
autrace is a program that adds the audit rules needed to trace a process, similar to strace. It then executes the program, passing the
arguments to it. The resulting audit information will be in the audit logs if the audit daemon is running, or in syslog. This command deletes all audit
rules prior to executing the target program and after executing it. As a safety precaution, it will not run unless all rules are deleted
with auditctl prior to use.

OPTIONS
-r Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space

EXAMPLES
The following illustrates a typical session:

    autrace /bin/ls /tmp
    ausearch --start recent -p 2442 -i

and for resource usage mode:

    autrace -r /bin/ls
    ausearch --start recent -p 2450 --raw | aureport --file --summary
    ausearch --start recent -p 2450 --raw | aureport --host --summary

SEE ALSO
ausearch(8), auditctl(8).

Red Hat Jan 2007 AUTRACE:(8)