Code Review
/
ta
/
infra-ansible.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
| inline |
side by side
Initial commit
[ta/infra-ansible.git]
/
roles
/
audit
/
templates
/
33-avoid-flood.rules.j2
diff --git a/roles/audit/templates/33-avoid-flood.rules.j2
b/roles/audit/templates/33-avoid-flood.rules.j2
new file mode 100644
(file)
index 0000000..
ae87739
--- /dev/null
+++ b/
roles/audit/templates/33-avoid-flood.rules.j2
@@ -0,0
+1,4
@@
+## The purpose of this rule is to exclude reports that flooding normally the audit
+-a never,exit -F arch=b32 -S setsockopt
+-a never,exit -F arch=b64 -S setsockopt
+-a always,exclude -F msgtype=netfilter_cfg
Code Review / ta / infra-ansible.git / blobdiff