this post was submitted on 19 Jan 2024
This is an automated archive.

The original was posted on /r/sysadmin by /u/SpringOreo on 2024-01-19 13:13:00+00:00.


Going through STIGs, I need audit rules on my machines to be an exact way. In my audit.rules file they show as

-a always,exit -F path=/bin/su -F perm=x auid>=1000 -F auid!=4294967295 -k

But during the check, when running auditctl -l, the rules show up as

-a always,exit -S all -F path=/bin/su -F perm=x -F auid>=1000 -F auid!=-1 -F

I'm having trouble figuring out why the rules I created are different from the ones that are loaded and being listed?
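An added example, not part of the original post: one way to compare a rule as written in audit.rules with the form `auditctl -l` prints, by reducing both to a canonical form. It assumes the listing differences are only notational (`-S all` shown when an exit rule names no syscall, 4294967295 shown as `-1`, `-k KEY` shown as `-F key=KEY`); the key `example-key` and the function names are constructed placeholders, since the rules in the post are cut off after `-k` and `-F`.

```python
import re
import shlex

# 4294967295 is 2**32 - 1, the "login UID not set" value; auditctl -l prints it as -1.
UNSET = {"4294967295", "-1", "unset"}
FIELD = re.compile(r"(\w+)(!=|>=|<=|&=|=|>|<|&)(.*)")

def norm_field(expr):
    """Normalise one -F expression, folding the unset-auid spellings together."""
    m = FIELD.fullmatch(expr)
    if not m:
        raise ValueError(f"unparsable field: {expr!r}")
    name, op, value = m.groups()
    if name == "auid" and value in UNSET:
        value = "unset"
    return f"{name}{op}{value}"

def canonical(rule):
    """Return (list/action, syscalls, fields) for one '-a' rule line."""
    tokens = shlex.split(rule)
    if len(tokens) % 2:
        raise ValueError("option without argument (truncated rule?)")
    action, syscalls, fields = frozenset(), set(), set()
    for opt, arg in zip(tokens[0::2], tokens[1::2]):
        if opt == "-a":
            action = frozenset(arg.split(","))
        elif opt == "-S":
            syscalls.update(arg.split(","))
        elif opt == "-k":
            fields.add(f"key={arg}")  # -k KEY is shorthand for -F key=KEY
        elif opt == "-F":
            fields.add(norm_field(arg))
        else:
            raise ValueError(f"unsupported option: {opt}")
    if "exit" in action and not syscalls:
        syscalls.add("all")  # an exit rule with no -S applies to every syscall
    # Fields are ANDed together, so their order is ignored in the comparison.
    return action, frozenset(syscalls), frozenset(fields)

def same_rule(a, b):
    return canonical(a) == canonical(b)

# Constructed sample lines modelled on the post, with a placeholder key.
ON_DISK = "-a always,exit -F path=/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -k example-key"
LOADED = "-a always,exit -S all -F path=/bin/su -F perm=x -F auid>=1000 -F auid!=-1 -F key=example-key"

if __name__ == "__main__":
    print(same_rule(ON_DISK, LOADED))
```

A line that ends on a bare option, like the two lines quoted in the post, raises `ValueError` instead of being compared.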
