Merge pull request #7381 from wazuh/change/7283-auditd-remove-never-t…

…ask-rule Modify note related to 'never,task' rule in auditd
wazuh · Jun 11, 2024 · 94c7ce7 · 94c7ce7
2 parents f8d8a96 + c63a11b
commit 94c7ce7
Showing 1 changed file with 1 addition and 7 deletions.
diff --git a/source/user-manual/capabilities/file-integrity/advanced-settings.rst b/source/user-manual/capabilities/file-integrity/advanced-settings.rst
@@ -75,13 +75,7 @@ In most systems, auditd includes a rule to skip processing of every audit rule b
  
       # auditctl -l | grep task
  
-#. If the output displays the ``-a never,task`` rule, add the following filter rule in ``/etc/audit/rules.d/audit.rules``. Make sure to place it before the mentioned rule.
-
-   .. code-block:: none
-      :emphasize-lines: 1
- 
-      -a always,task -F exe=‘/var/ossec/bin/wazuh-syscheckd’
-      -a never,task
+#. If the output displays the ``-a never,task`` rule, remove it from the audit rules file located at ``/etc/audit/rules.d/audit.rules``.
 
 #. After that, restart auditd and Wazuh agent to apply the changes: