From fc1b1304b1143c361fd33b440457816979a408d8 Mon Sep 17 00:00:00 2001
From: Watson Yuuma Sato <wsato@redhat.com>
Date: Tue, 9 Aug 2022 08:33:34 +0200
Subject: [PATCH 7/7] Merge pull request #9303 from vojtapolasek/rhbz1993822

Patch-name: scap-security-guide-0.1.64-add_warning_audit_rules_for_ospp-PR_9303.patch
Patch-status: add warning to audit_rules_for_ospp
---
 .../auditing/policy_rules/audit_rules_for_ospp/rule.yml  | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
index 8461089f50..1cc1f231ff 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
@@ -67,3 +67,12 @@ fixtext: |-
     Then, run the following command to load all audit rules:
 
     $ sudo augenrules --load
+
+warnings:
+    - performance:
+        It might happen that Audit buffer configured by this rule is not large
+        enough for certain use cases. If that is the case, the buffer size can
+        be overridden by placing <pre>-b larger_buffer_size</pre> into a file
+        within <tt>/etc/audit/rules.d</tt> directory, replacing
+        <tt>larger_file_size</tt> with the desired value. The file name should
+        start with a number higher than 10 and lower than 99.
-- 
2.37.2