Status: IN
Persistent audit rules are placed in `/etc/audit/rules.d/`; `/etc/audit/audit.rules` is auto-generated by `augenrules` on service start.
Source: repo:entries/2026/03/04/en-documentation-red_hat_enterprise_linux-9-html-security_hardening-auditing-the.md