## V8.13.096.2025.10.09

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/hooks/live/9996_auditd.chroot

@@ -338,22 +338,23 @@ cat << EOF >| /etc/audit/rules.d/99-finalize.rules
 -e 2
 EOF
 
+chmod 0640 /etc/audit/rules.d/*.rules
 
 ### Sanity checks: reject empty or malformed rulesets early.
 if ! /sbin/augenrules --check >/dev/null 2>&1; then
 
-  log "ERROR: /sbin/augenrules --check failed. Please fix /etc/audit/rules.d/*.rules"
+  log "ERROR: [/sbin/augenrules --check] failed. Please fix /etc/audit/rules.d/*.rules"
   exit 1
 
 fi
 
-if /sbin/augenrules --load; then
+if /sbin/augenrules; then
 
-  log "INFO: /sbin/augenrules --load, successful."
+  log "INFO: [/sbin/augenrules] successful."
 
 else
 
-  log "ERROR: /sbin/augenrules --load failed."
+  log "ERROR: [/sbin/augenrules] failed."
 
 fi
 
@@ -362,7 +363,7 @@ fi
 if [[ -f /etc/audit/audit.rules ]]; then
 
   chown root:root /etc/audit/audit.rules
-  chmod 0600 /etc/audit/audit.rules
+  chmod 0640 /etc/audit/audit.rules
 
 else
 
@@ -392,5 +393,7 @@ log "Done. /etc/audit/audit.rules is precompiled."
 
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 
+sleep 16
+
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh