From fc1b1304b1143c361fd33b440457816979a408d8 Mon Sep 17 00:00:00 2001

From: Watson Yuuma Sato <wsato@redhat.com>

Date: Tue, 9 Aug 2022 08:33:34 +0200

Subject: [PATCH 7/7] Merge pull request #9303 from vojtapolasek/rhbz1993822

Patch-name: scap-security-guide-0.1.64-add_warning_audit_rules_for_ospp-PR_9303.patch

Patch-status: add warning to audit_rules_for_ospp

---

 .../auditing/policy_rules/audit_rules_for_ospp/rule.yml  | 9 +++++++++

 1 file changed, 9 insertions(+)

diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml

index 8461089f50..1cc1f231ff 100644

--- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml

+++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml

@@ -67,3 +67,12 @@ fixtext: |-

     Then, run the following command to load all audit rules:

     $ sudo augenrules --load

+

+warnings:

+    - performance:

+        It might happen that Audit buffer configured by this rule is not large

+        enough for certain use cases. If that is the case, the buffer size can

+        be overridden by placing 
-b larger_buffer_size
 into a file

+        within <tt>/etc/audit/rules.d</tt> directory, replacing

+        <tt>larger_file_size</tt> with the desired value. The file name should

+        start with a number higher than 10 and lower than 99.

-- 

2.37.2