luzifer-arch/luzifer
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
luzifer/base/usr/share/luzifer/base-setup/roles/security/files/audit.rules
Knut Ahlers 172232806a
Move setup to roles 
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-08-28 20:21:34 +02:00

31 lines
1 KiB
Text
Raw Blame History

# CNSPEC: Ensure events that modify user/group information are collected
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/security/opasswd -p wa -k identity
# CNSPEC: Ensure changes to system administration scope (sudoers) is collected
-w /etc/sudoers -p wa -k scope
-w /etc/sudoers.d -p wa -k scope
# CNSPEC: Ensure events that modify the system's Mandatory Access Controls are collected
-w /etc/apparmor/ -p wa -k MAC-policy
-w /etc/apparmor.d/ -p wa -k MAC-policy
# CNSPEC: Ensure session initiation information is collected
-w /var/run/utmp -p wa -k session
-w /var/log/wtmp -p wa -k logins
-w /var/log/btmp -p wa -k logins
# CNSPEC: Ensure kernel module loading and unloading is collected
-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules
# Disabled as of https://gitlab.archlinux.org/archlinux/packaging/packages/audit/-/issues/2
#-a always,exit -F arch=b64 -S init_module -S delete_module -k modules
Reference in a new issue View git blame Copy permalink