auditd
Best Practice Auditd Configuration
Why mix `auid!=4294967295` and `auid!=-1` instead of using `auid!=unset`, since it is exactly the same?
For correct logging, please add under the section *## root ssh key tampering* the following value: `-w /root/.ssh/authorized_keys -p wa -k rootkey` Commands for check: ```console ssh-keygen -t rsa -f test_key...
Hello, Thank you very much for your work! A Log bypass is possible by executing the binary flagged with "ld-linux.so". ```sh /usr/bin/dpkg # This is logged /lib64/ld-linux-x86-64.so.2 /usr/bin/dpkg # Not...
Hi Florian, Thank you for the rules you're maintaining. I've created a small script in order to autoupdate my local auditd rules with this repo. Might be you and others...
Actvity->Activity
Added Timestomping detection
Hello, Just wanted to take a moment to appreciate and thank you for this wonderful work as the audit.rules here is the one we used as a reference to adapt...