mirror of
https://github.com/inspec/inspec
synced 2024-12-21 02:23:13 +00:00
ec18dce62b
* Added auditd resource and documentation. Signed-off-by: Jennifer Burns <jburns@mitre.org> * Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl Signed-off-by: Jennifer Burns <jburns@mitre.org> * Removed all legacy code for audit < 2.3. Removed parens to create consistency. Signed-off-by: Jennifer Burns <jburns@mitre.org> * Updated method names and removed unnecessary content based on review Signed-off-by: Jennifer Burns <jburns@mitre.org>
8 lines
528 B
Text
8 lines
528 B
Text
-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -F key=access
|
|
-a always,exit -F arch=b32 -S open,openat -F exit=-EPERM -F key=access
|
|
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=500 f24!=0 -F key=perm_mod
|
|
-a always,exit -S all -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
|
|
-a always,exit -S all -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
|
|
-w /etc/ssh/sshd_config -p rwxa -k CFG_sshd_config
|
|
-w /etc/sudoers -p wa
|
|
-w /etc/private-keys -p x
|