Modified steps to allow whodata to monitoring files by removing never…

…, task audit rule
wazuh · Jun 11, 2024 · 7ca8328 · 7ca8328
1 parent f8d8a96
commit 7ca8328
Showing 1 changed file with 1 addition and 7 deletions.
diff --git a/source/user-manual/capabilities/file-integrity/advanced-settings.rst b/source/user-manual/capabilities/file-integrity/advanced-settings.rst
@@ -75,13 +75,7 @@ In most systems, auditd includes a rule to skip processing of every audit rule b
  
       # auditctl -l | grep task
  
-#. If the output displays the ``-a never,task`` rule, add the following filter rule in ``/etc/audit/rules.d/audit.rules``. Make sure to place it before the mentioned rule.
-
-   .. code-block:: none
-      :emphasize-lines: 1
- 
-      -a always,task -F exe=‘/var/ossec/bin/wazuh-syscheckd’
-      -a never,task
+#. If the output displays the ``-a never,task`` rule, remove it in the audit rules file ``/etc/audit/rules.d/audit.rules``.
 
 #. After that, restart auditd and Wazuh agent to apply the changes: