Merge pull request #103 from Pierre-Gronau-ndaal/patch-42
Update audit.rules
Neo23x0 committed Jul 28, 2023
2 parents 49de100 + 6ee38ae commit fe17533
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions audit.rules
Expand Up @@ -368,6 +368,13 @@
-w /usr/local/bin/xfreerdp -p x -k susp_activity
-w /usr/bin/nmap -p x -k susp_activity

## sssd
-a always,exit -F path=/usr/libexec/sssd/p11_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts
-a always,exit -F path=/usr/libexec/sssd/krb5_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts
-a always,exit -F path=/usr/libexec/sssd/ldap_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts
-a always,exit -F path=/usr/libexec/sssd/selinux_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts
-a always,exit -F path=/usr/libexec/sssd/proxy_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts

## T1002 Data Compressed

-w /usr/bin/zip -p x -k Data_Compressed
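
Review bot: The new `## sssd` block has no comment saying what the five rules are meant to catch, and the `auid` filters make that non-obvious. With `-F auid>=500 -F auid!=4294967295`, executions of `p11_child`, `krb5_child`, `ldap_child`, `selinux_child` and `proxy_child` are recorded only when the process carries a login audit UID; processes whose audit UID is unset, which is the usual case for helpers spawned by a daemon started at boot, are excluded. If the intent is to record these helpers being run from a user session, a one-line comment under the header stating that, and why the events are keyed `T1078_Valid_Accounts`, would help whoever tunes the rules later. The `auid>=500` threshold also deserves a note: on distributions where regular accounts start at UID 1000 it additionally matches accounts in the 500 to 999 range, so either document that as deliberate or align it with the target systems' UID_MIN.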