Merge pull request slackhq#8 from justintime32/enable_status

Enable the audit system when starting
CSdread · Dec 1, 2016 · 1d820cd · 1d820cd
2 parents d76a81b + c1a40ab
commit 1d820cd
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/go-audit.yaml.example b/go-audit.yaml.example
@@ -90,6 +90,8 @@ rules:
   - -a exit,always -F arch=b64 -S execve
   # Watch all 32 bit program executions
   - -a exit,always -F arch=b32 -S execve
+  # Enable kernel auditing (required if not done via the "audit" kernel boot parameter)
+  - -e 1
 
 # If kaudit filtering isn't powerful enough you can use the following filter mechanism
 filters: