augenrules is a script that merges all component audit rules files,
found in the audit rules directory, /etc/audit/rules.d, placing the
merged file in /etc/audit/audit.rules. Component audit rule files,
must end in .rules in order to be processed. All other files in
/etc/audit/rules.d are ignored.
The files are concatenated in order, based on their natural sort (see
-v option of ls(1)) and stripped of empty and comment (#) lines.
The last processed -D directive without an option, if present, is
always emitted as the first line in the resultant file. Those with an
option are replicated in place. The last processed -b directive, if
present, is always emitted as the second line in the resultant file.
The last processed -f directive, if present, is always emitted as the
third line in the resultant file. The last processed -e directive,
if present, is always emitted as the last line in the resultant file.
The generated file is only copied to /etc/audit/audit.rules, if it
This page is part of the audit (Linux Audit) project. Information
about the project can be found at
⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug report
for this manual page, send it to firstname.lastname@example.org. This page
was obtained from the project's upstream Git repository
⟨https://github.com/linux-audit/audit-userspace.git⟩ on 2017-03-13.
If you discover any rendering problems in this HTML version of the
page, or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the information
in this COLOPHON (which is not part of the original manual page),
send a mail to email@example.com
Red Hat Apr 2013 AUGENRULES:(8)