sys-process/audit: Revert "Remove old (py3.6)"

Removed too many files/ due to a misgrep.

Reverts: 7494ff77d198e87226f368af01769e2ebb38cb61
Closes: https://bugs.gentoo.org/762919
Signed-off-by: Michał Górny <mgorny@gentoo.org>

1 files changed, 24 insertions, 0 deletions

diff --git a/sys-process/audit/files/audit.rules b/sys-process/audit/files/audit.rules
new file mode 100644
index 000000000000..ef0e6ee26f38
--- /dev/null
+++ b/sys-process/audit/files/audit.rules
@@ -0,0 +1,24 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+# -a entry,never -S read -S write -S open -S fstat -S fstat64 -S mmap -S brk -S munmap -S _llseek -S nanosleep -S fcntl64 -S close -S dup2 -S rt_sigaction -S stat64 -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a entry,always -S all
+
+# Increase the buffers to survive stress events
+-b 256
+
+# vim:ft=conf: