
Re: Sample Rules



Steve,

Here are examples of some rules we have been working with:

Adding rules:

auditctl -a exit,never -S mount
auditctl -a entry,always -S access -F a1=4
auditctl -a exit,always -S ipc -F a0=2

Deleting rules:

auditctl -d exit,never -S mount
auditctl -d entry,always -S access -F a1=4
auditctl -d exit,always -S ipc -F a0=2

Examples we would like to have:

Task rules.
Examples using more of the -F fields, including multiple -F fields in one rule.



Kris Wilson
Linux Security
(512) 838-0126 T/L:678-0126
krisw us ibm com
From: Steve Grubb <sgrubb redhat com>
Sent by: linux-audit-bounces redhat com
Date: 02/10/2005 12:35 PM
Please respond to: Linux Audit Discussion
To: Linux Audit Discussion <linux-audit redhat com>
cc:
Subject: Sample Rules

Hi,

I'm getting closer to releasing the next version of the audit daemon. I'm
wanting to include a file that has sample auditctl rules demonstrating how to
do various things. I'm open to ideas. What common tasks should be included?
Note the file will be installed in the docs directory rather than being the
default ruleset.

-Steve Grubb

--
Linux-audit mailing list
Linux-audit redhat com
http://www.redhat.com/mailman/listinfo/linux-audit
