This snippit in both rules in that file (for both v2.8.5 and v3.0.0) "-F auid=unset -Fuid=chrony" for the second "-F" seems to be missing a space after the "-F". Correct? IRT to the comment in this rule file, "These rules suppress the time-change event when chrony does time updates"; does that mean IF these two rules were not included or commented-out, that the chrony time updates would 'log' events in the audit log? How do these rules 'work' to suppress chrony time updates from being logged? Thank you. R,-Joe
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
