/etc/audit/rules.d/audit.rules is in auditd 1:2.3.2-2ubuntu1.
This file is owned by root:root, with mode 0o640.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 | # This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.
# First rule - delete all
-D
# Increase the buffers to survive stress events.
# Make this bigger for busy systems
-b 320
# Feel free to add below this line. See auditctl man page
|