inspec/test/fixtures/cmd/auditctl

-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -F key=access
-a always,exit -F arch=b32 -S open,openat -F exit=-EPERM -F key=access
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=500 f24!=0 -F key=perm_mod
-a always,exit -S all -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
-a exit,always -S all -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
-w /etc/ssh/sshd_config -p rwxa -k CFG_sshd_config
-w /etc/sudoers -p wa
-w /etc/private-keys -p x
auditd_rules: unit tests, meet the real world 2016-01-29 11:13:52 +01:00			`-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -F key=access`
auditd resource: test active auditd configuration against the audit daemon (#2133) * Added auditd resource and documentation. Signed-off-by: Jennifer Burns <jburns@mitre.org> * Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl Signed-off-by: Jennifer Burns <jburns@mitre.org> * Removed all legacy code for audit < 2.3. Removed parens to create consistency. Signed-off-by: Jennifer Burns <jburns@mitre.org> * Updated method names and removed unnecessary content based on review Signed-off-by: Jennifer Burns <jburns@mitre.org> 2017-09-18 15:47:18 -04:00			`-a always,exit -F arch=b32 -S open,openat -F exit=-EPERM -F key=access`
auditd_rules: unit tests, meet the real world 2016-01-29 11:13:52 +01:00			`-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=500 f24!=0 -F key=perm_mod`
auditd resource: test active auditd configuration against the audit daemon (#2133) * Added auditd resource and documentation. Signed-off-by: Jennifer Burns <jburns@mitre.org> * Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl Signed-off-by: Jennifer Burns <jburns@mitre.org> * Removed all legacy code for audit < 2.3. Removed parens to create consistency. Signed-off-by: Jennifer Burns <jburns@mitre.org> * Updated method names and removed unnecessary content based on review Signed-off-by: Jennifer Burns <jburns@mitre.org> 2017-09-18 15:47:18 -04:00			`-a always,exit -S all -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged`
Fix auditd resource processing of action and list Per auditctl(8), the -a option can have either list,action or action,list. This PR matches against valid actions for the action field and passed the remainder off to the list field. Closes #4664 Signed-off-by: Trevor Vaughan <tvaughan@onyxpoint.com> 2019-11-03 17:54:44 -05:00			`-a exit,always -S all -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged`
auditd_rules: teach old dog new tricks 2016-01-28 17:08:41 +01:00			`-w /etc/ssh/sshd_config -p rwxa -k CFG_sshd_config`
auditd_rules resource: fix get_keys error on lines that have no keys (#2103) * Added line to fix bug when no key in file rule and updated test to validate bug fix Signed-off-by: Jennifer Burns <jburns@mitre.org> * Updated to consider corner case Signed-off-by: Jennifer Burns <jburns@mitre.org> 2017-08-29 01:11:14 -04:00			`-w /etc/sudoers -p wa`
			`-w /etc/private-keys -p x`