Skip to content

Commit

Permalink
Update audit.rules yash
Browse files Browse the repository at this point in the history
  • Loading branch information
@Pierre-Gronau-ndaal
Pierre-Gronau-ndaal authored Aug 15, 2023
1 parent 639bad5 commit 19b8601
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions audit.rules
View file
Original file line number Diff line number Diff line change
Expand Up @@ -417,6 +417,10 @@
-w /bin/open -p x -k susp_shell
-w /bin/rbash -p x -k susp_shell

### https://gtfobins.github.io/gtfobins/yash/
-w /bin/yash -p x -k susp_shell
-w /usr/bin/yash -p x -k susp_shell

# Web Server Actvity
## Change the number "33" to the ID of your WebServer user. Default: www-data:x:33:33
-a always,exit -F arch=b64 -S execve -F euid=33 -k detect_execve_www
Expand Down

0 comments on commit 19b8601

Please sign in to comment.