auditd icon indicating copy to clipboard operation
auditd copied to clipboard

Published 20 hours ago verified publisher icon Neo23x0

Update audit.rules

Open mlakri opened this issue 1 year ago • 0 comments
trafficstars

Hi,

I have added monitoring for the execution of binaries used to read files. The current configuration only logs the reading of predefined files, such as /etc/passwd (except for actions performed by the root user). For example, if we have a sensitive file located in a directory like /opt/CustomApp/Sensitive.conf, I believe the current configuration does not log this action.

mlakri avatar Nov 16 '24 21:11 mlakri