**Exception**

The audit rules which monitor ``chmod``, ``fchmod``, and ``fchmodat``
syscalls can cause high CPU and I/O load during OpenStack-Ansible deployments
and while updating packages with apt. By default, these rules are disabled.

These audit rules can be enabled by setting any of the following variables:

.. code-block:: yaml

    auditd_rules['DAC_chmod']: yes
    auditd_rules['DAC_fchmod']: yes
    auditd_rules['DAC_fchmodat']: yes