From 58910767487923e0e70d1410e239c72765af2997 Mon Sep 17 00:00:00 2001
From: Pierre-Gronau-ndaal
 <72132223+Pierre-Gronau-ndaal@users.noreply.github.com>
Date: Fri, 28 Jul 2023 15:11:28 +0200
Subject: [PATCH] Update audit.rules

---
 audit.rules | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/audit.rules b/audit.rules
index 03ed184..bfb1608 100644
--- a/audit.rules
+++ b/audit.rules
@@ -341,6 +341,10 @@
 -a always,exit -F path=/usr/libexec/sssd/selinux_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts
 -a always,exit -F path=/usr/libexec/sssd/proxy_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts
 
+## vte-2.91
+-a always,exit -F path=/lib64/vte-2.91/gnome-pty-helper -F perm=x -F auid>=1000 -F auid!=4294967295 -k T1078_Valid_Accounts
+-a always,exit -F path=/usr/lib64/vte-2.91/gnome-pty-helper -F perm=x -F auid>=1000 -F auid!=4294967295 -k T1078_Valid_Accounts
+
 ## T1002 Data Compressed
 
 -w /usr/bin/zip -p x -k Data_Compressed