add config option for global filters

2021-09-20 17:12:30 +02:00
parent 2740f421be
commit 0e2762ca6e
2 changed files with 9 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -150,6 +150,12 @@ auditd_custom_rules:
      - arch=b64
    executable: /bin/id
    comment: execution_bin_id
+  # define general filter rule
+  - type: global_filter
+    action: always,exit
+    filters:
+      - dir=/opt/application
+      - perm=wa
 ```

 All the configurations for the audit daemon are configurable as variables. See `defaults/main.yaml` for more details.