Better explain when to use each file

stevegrubb · stevegrubb · commit 8ed522ae8ef3 · 2025-09-09T17:14:06.000-04:00
diff --git a/rules/10-base-config.rules b/rules/10-base-config.rules
@@ -1,3 +1,6 @@
+## This file should be included whenever syscall auditing is desired. It sets
+## up some common parameters needed no matter what additional rules get added.
+
 ## First rule - delete all
 -D
 
diff --git a/rules/10-no-audit.rules b/rules/10-no-audit.rules
@@ -1,7 +1,9 @@
-## This set of rules is to suppress the performance effects of the audit
-## system. The result is that you only get hardwired events. If you need
-## syscall auditing, delete this file and install 10-base-config.rules + 
-## other files to make your audit policy.
+## This set of rules is to negate the performance effects of the audit system
+## by preventing syscall auditing to work. You would use this when you want
+## the best system performance without a properly working audit system. 
+## As a result, you only get hardwired events. If you need syscall auditing,
+## delete this file and install 10-base-config.rules + other files to make
+## your audit policy.
 
 ## First rule - delete all
 -D
