diff --git a/manifests/customrule.pp b/manifests/customrule.pp
new file mode 100644
index 0000000..17dc1dd
--- /dev/null
+++ b/manifests/customrule.pp
@@ -0,0 +1,14 @@
+# Rules for non contempled cases
+#
+# Literal String set
+#
+define audit::customrule (
+ $customrules [],
+ ) {
+ #
+ concat::fragment{ "${audit::params::audit_file} custom rule"
+ target => $audit::params::audit_file,
+ order => '12',
+ content => template("${module_name}/customrule.erb"),
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 8bb5f3b..1161187 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -7,6 +7,7 @@
 # 02 default security rules
 # 10 fsrules
 # 11 syscallrules
+# 12 customrules
 #
 class audit (
 $buffers = '320',
diff --git a/templates/customrule.erb b/templates/customrule.erb
new file mode 100644
index 0000000..0dab1b8
--- /dev/null
+++ b/templates/customrule.erb
@@ -0,0 +1 @@
+<% @customrules.each do |rule| %> <%= rule %><% end %>
diff --git a/templates/syscallrule.erb b/templates/syscallrule.erb
index d4c9c9c..8689cf1 100644
--- a/templates/syscallrule.erb
+++ b/templates/syscallrule.erb
@@ -1 +1 @@
--a <%= @action %> <% @fields_eq.each do |field, value| %> -F <%= field %>=<%= value %><% end %><% @fields_neq.each do |field, value| %> -F <%= field %>!=<%= value %><% end %><% @fields.each do |field| %> -F <%= field %><% end %> -S <%= @syscall %> -k <%= @keyname %>
+-a <%= @action %> -S <%= @syscall %> <% @fields_eq.each do |field, value| %> -F <%= field %>=<%= value %><% end %><% @fields_neq.each do |field, value| %> -F <%= field %>!=<%= value %><% end %><% @fields.each do |field| %> -F <%= field %><% end %> -k <%= @keyname %>
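Review bot: The new define in manifests/customrule.pp does not parse as written: the parameter line `$customrules [],` lacks the `=` before its default, and the `concat::fragment{ "..."` title has no trailing `:`. The lines should read `$customrules = [],` and `concat::fragment{ "${audit::params::audit_file} custom rule ${name}":`. Adding `${name}` to the title also matters because this is a define: with a fixed title, a second audit::customrule declaration would collide on the same fragment. The header comment could also say that `customrules` is an array of complete rule lines that the template writes verbatim at order 12.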
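Review bot: templates/customrule.erb emits every element of `@customrules` on one physical line separated by a space, so two or more custom rules would reach the rules file as a single malformed line if each element is meant to be a complete rule. Emitting one rule per line, e.g. `<%= @customrules.join("\n") %>`, avoids that. Each string is also written verbatim, so control options such as `-D` or `-e 0` placed in this array would take effect at order 12, after the default security rules. If the array can be fed from data that is not reviewed like the manifests, the define should reject entries that do not look like a rule, for example anything not starting with `-a` or `-w`.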
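Review bot: With `-S <%= @syscall %>` now emitted before the `-F` loops in templates/syscallrule.erb, an `arch` entry passed through `@fields_eq` ends up after `-S`, while the auditctl man page requires `-F arch=` to precede `-S` so the syscall name is looked up in the right table. Whether callers pass `arch` this way is not visible in this diff. If they do, emit it first, e.g. start the line with `-a <%= @action %><% if @fields_eq['arch'] %> -F arch=<%= @fields_eq['arch'] %><% end %> -S <%= @syscall %>` and skip `arch` in the `@fields_eq` loop.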