We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Here there are two b32 arch rules instead of one for 32 and one for 64
-a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod -a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod
Third rule down says 'exiu' instead of 'exit'
-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=access -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=access -a always,exit -F arch=b64 -S ftruncate -F exiu=-EACCES -F auid>=1000 -F auid!=unset -F key=access -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=access
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Auditd lremovexattr has duplicate rules because there are two 32 bit rules instead of one 32 and one 64
Record events that modify the system's discretionary access controls
lremovexattr
Here there are two b32 arch rules instead of one for 32 and one for 64
Typo in ftruncate rule
Record unauthorized access attempts to files
ftruncate
Third rule down says 'exiu' instead of 'exit'
The text was updated successfully, but these errors were encountered: