Initial commit

[ta/infra-ansible.git] / roles / audit / templates / 12-filter-users.rules.j2

diff --git a/roles/audit/templates/12-filter-users.rules.j2 b/roles/audit/templates/12-filter-users.rules.j2
new file mode 100644 (file)
index 0000000..28d991a
--- /dev/null
+++ b/roles/audit/templates/12-filter-users.rules.j2
@@ -0,0 +1,3 @@
+## No more rules checked if the user does not have a valid uid or it is a system user
+-a exit,never -F auid=4294967295
+-a exit,never -F auid!=0 -F auid<{{ uid_min }}