If the auditd
daemon is configured to use the
augenrules
program to read audit rules during daemon startup (the
default), add the following line to a file with suffix .rules
in the
directory /etc/audit/rules.d
:
-w /etc/selinux/ -p wa -k MAC-policy
If the auditd
daemon is configured to use the auditctl
utility to read audit rules during daemon startup, add the following line to
/etc/audit/audit.rules
file:
-w /etc/selinux/ -p wa -k MAC-policy