Skip to content

Commit

Permalink
Update audit.rules
Browse files Browse the repository at this point in the history
  • Loading branch information
@Pierre-Gronau-ndaal
Pierre-Gronau-ndaal committed Jul 28, 2023
1 parent 1646590 commit 79852cc
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions audit.rules
View file
Original file line number Diff line number Diff line change
Expand Up @@ -417,6 +417,10 @@
-w /usr/sbin/traceroute -p x -k sbin_susp
-w /usr/sbin/ufw -p x -k sbin_susp

### kde4
-a always,exit -F path=/usr/libexec/kde4/kpac_dhcp_helper -F perm=x -F auid>=1000 -F auid!=4294967295 -k T1078_Valid_Accounts
-a always,exit -F path=/usr/libexec/kde4/kdesud -F perm=x -F auid>=1000 -F auid!=4294967295 -k T1078_Valid_Accounts

## dbus-send invocation
### may indicate privilege escalation CVE-2021-3560
-w /usr/bin/dbus-send -p x -k dbus_send
Expand Down

0 comments on commit 79852cc

Please sign in to comment.