These rules are based on sample rules sets from the linux-audit/audit-userspace git repository https://github.com/linux-audit/audit-userspace/tree/master/rules
These rules are written to the /conf
directory during the TrueNAS ISO / update
build process.
An additional rules set is automatically generated during the update build stage by running the provided privileged-rules.py python script while preparing the TrueNAS squashfs filesystem.
When enterprise editions of TrueNAS SCALE enable STIG compliance mode the rules
files in /conf/audit_rules
are copied to /etc/audit/rules.d
and then read
into auditd via augenrules --load
.