2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-12-19 01:23:50 +00:00
inspec/test/unit/mock/cmd/auditctl
Jennifer Burns ec18dce62b auditd resource: test active auditd configuration against the audit daemon ()
* Added auditd resource and documentation.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Removed all legacy code for audit < 2.3. Removed parens to create consistency.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated method names and removed unnecessary content based on review

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-09-18 21:47:18 +02:00

8 lines
528 B
Text

-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -F key=access
-a always,exit -F arch=b32 -S open,openat -F exit=-EPERM -F key=access
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=500 f24!=0 -F key=perm_mod
-a always,exit -S all -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
-a always,exit -S all -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
-w /etc/ssh/sshd_config -p rwxa -k CFG_sshd_config
-w /etc/sudoers -p wa
-w /etc/private-keys -p x