V8.04.002.2025.08.11

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/hooks/live/9996_auditd.chroot

@@ -48,20 +48,20 @@ cat << EOF >| /etc/audit/rules.d/11-loginuid.rules
 EOF
 
 ############################################################### /etc/audit/rules.d/20-dont-audit.rules
-cat << EOF >| /etc/audit/rules.d/20-dont-audit.rules
+#cat << EOF >| /etc/audit/rules.d/20-dont-audit.rules
 ## This is for don't audit rules. We put these early because audit
 ### is a first match wins system. Uncomment the rules you want.
 
 ## Cron jobs fill the logs with stuff we normally don't want
--a never,user -F subj_type=crond_t
+#-a never,user -F subj_type=crond_t
 
 ## This prevents chrony from overwhelming the logs
--a never,exit -F arch=x86_64 -S adjtimex -F auid=unset -F uid=_chrony -F subj_type=chronyd_t
+#-a never,exit -F arch=x86_64 -S adjtimex -F auid=unset -F uid=_chrony -F subj_type=chronyd_t
 
 ### This is not very interesting and wastes a lot of space if
 ### the server is public facing
--a always,exclude -F msgtype=CRYPTO_KEY_USER
-EOF
+#-a always,exclude -F msgtype=CRYPTO_KEY_USER
+#EOF
 
 ############################################################### /etc/audit/rules.d/21-no32bit.rules
 cat << EOF >| /etc/audit/rules.d/21-no32bit.rules