auditd issues

Update audit.rules

added move_mount syscall. check this --> https://github.com/CheraghiMilad/bypass-Neo23x0-auditd-config/tree/main/open-tree-move_mount_syscall

CheraghiMilad

Update audit.rules - fexecve

5

check this PoC => https://github.com/CheraghiMilad/bypass-Neo23x0-auditd-config.git

CheraghiMilad

monitor execveat syscall which can be use for file less malwares

1

check this https://github.com/vahidmalekk/bypass-Neo23x0-auditd-config/

vahidmalekk

network_modifications key consistency

Modifying the key `network` to `network_modifications` so all keys related have the same name for easier SIEM rules creation

EzLucky

Added shell image for susp shells

Hi, We can added a new shell (elvish) for susp shells. https://github.com/elves/elvish

CheraghiMilad

Update audit.rules

Added it as there are still many Linux distributions that this can be leveraged by attackers to configure boot-time tasks or establish persistence

sh4hin

Monitoring in-memory file executions

Added rules for monitoring in-memory file execution

prashanthpulisetti

Update audit.rules

Hi, I have added monitoring for the execution of binaries used to read files. The current configuration only logs the reading of predefined files, such as /etc/passwd (except for actions...

mlakri

auditd
auditd copied to clipboard

Metadata

Update audit.rules

Update audit.rules - fexecve

monitor execveat syscall which can be use for file less malwares

network_modifications key consistency

Added shell image for susp shells

Update audit.rules

Monitoring in-memory file executions

Update audit.rules

← Metadata

Owner

Metadata

auditd auditd copied to clipboard

Metadata

← Metadata

Owner

Metadata

auditd
auditd copied to clipboard