Initial commit

[ta/infra-ansible.git] / roles / audit / templates / 34-failed-actions.rules.j2

diff --git a/roles/audit/templates/34-failed-actions.rules.j2 b/roles/audit/templates/34-failed-actions.rules.j2
new file mode 100644 (file)
index 0000000..e478a80
--- /dev/null
+++ b/roles/audit/templates/34-failed-actions.rules.j2
@@ -0,0 +1,5 @@
+## failed actions
+-a always,exit -F arch=b64 -S all -F exit=-EPERM -F key=access_denied
+-a always,exit -F arch=b64 -S all -F exit=-EACCES -F key=access_denied
+-a always,exit -F arch=b32 -S all -F exit=-EPERM -F key=access_denied
+-a always,exit -F arch=b32 -S all -F exit=-EACCES -F key=access_denied