From ea09929bcbb939a4a21ba6ab6e5481ed59710d5d Mon Sep 17 00:00:00 2001
From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com>
Date: Sun, 25 Jun 2023 20:28:06 +0200
Subject: [PATCH] Update audit.rules
---
 audit.rules | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/audit.rules b/audit.rules
index 20859c5..3dd0be6 100644
--- a/audit.rules
+++ b/audit.rules
@@ -264,6 +264,15 @@
 -w /etc/systemd/ -p wa -k systemd
 -w /usr/lib/systemd -p wa -k systemd
+## https://systemd.network/systemd.generator.html
+-w /etc/systemd/system-generators/ -p wa -k T1543_Create_or_Modify_System_Process_systemd_generator
+-w /usr/local/lib/systemd/system-generators/ -p wa -k T1543_Create_or_Modify_System_Process_systemd_generator
+-w /usr/lib/systemd/system-generators -p wa -k T1543_Create_or_Modify_System_Process_systemd_generator
+
+-w /etc/systemd/user-generators/ -p wa -k T1543_Create_or_Modify_System_Process_systemd_generator
+-w /usr/local/lib/systemd/user-generators/ -p wa -k T1543_Create_or_Modify_System_Process_systemd_generator
+-w /lib/systemd/system-generators/ -p wa -k T1543_Create_or_Modify_System_Process_systemd_generator
+
 ## SELinux events that modify the system's Mandatory Access Controls (MAC)
 -w /etc/selinux/ -p wa -k mac_policy
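Review bot: The last rule of the second group watches a system-generators path (`/lib/systemd/system-generators/`) where the other two rules in that group cover user generators, so `/usr/lib/systemd/user-generators/` is left without a watch. systemd.generator(7) also lists `/run/systemd/system-generators/` and `/run/systemd/user-generators/`, which neither group covers. I would add `-w /usr/lib/systemd/user-generators/ -p wa -k T1543_Create_or_Modify_System_Process_systemd_generator` plus the two `/run/systemd/...` equivalents, keeping the `/lib` line only if non-merged-/usr hosts are in scope. The context rules `-w /etc/systemd/` and `-w /usr/lib/systemd` just above already watch those trees recursively under the key `systemd`, so it is worth confirming on a test host that writes to the generator directories are actually tagged with the new key. Several of these directories do not exist on a default install, which can make the rule load report errors unless the file is loaded with errors ignored.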