Skip to content

Commit

Permalink
Enable kernel auditing in the example configuration
Browse files Browse the repository at this point in the history
  • Loading branch information
@spectrumjade
spectrumjade committed Dec 1, 2016
1 parent 29a3640 commit c1a40ab
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions go-audit.yaml.example
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,8 @@ rules:
- -a exit,always -F arch=b64 -S execve
# Watch all 32 bit program executions
- -a exit,always -F arch=b32 -S execve
# Enable kernel auditing (required if not done via the "audit" kernel boot parameter)
- -e 1

# If kaudit filtering isn't powerful enough you can use the following filter mechanism
filters:
Expand Down

0 comments on commit c1a40ab

Please sign in to comment.