```
##- Use of privileged commands (unsuccessful and successful)
## You can run the following commands to generate the rules:
#find /bin -type f -perm -04000 2>/dev/null | awk '{ printf "-a always,exit -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $1 }' > priv.rules
#find /sbin -type f -perm -04000 2>/dev/null | awk '{ printf "-a always,exit -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $1 }' >> priv.rules
#find /usr/bin -type f -perm -04000 2>/dev/null | awk '{ printf "-a always,exit -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $1 }' >> priv.rules
#find /usr/sbin -type f -perm -04000 2>/dev/null | awk '{ printf "-a always,exit -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $1 }' >> priv.rules
#filecap /bin 2>/dev/null | sed '1d' | awk '{ printf "-a always,exit -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $2 }' >> priv.rules
#filecap /sbin 2>/dev/null | sed '1d' | awk '{ printf "-a always,exit -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $2 }' >> priv.rules
#filecap /usr/bin 2>/dev/null | sed '1d' | awk '{ printf "-a always,exit -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $2 }' >> priv.rules
#filecap /usr/sbin 2>/dev/null | sed '1d' | awk '{ printf "-a always,exit -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $2 }' >> priv.rules
```

Name | Type | Size | Permission
---|---|---|---
10-base-config.rules | File | 163 B | 0644
10-no-audit.rules | File | 284 B | 0644
11-loginuid.rules | File | 93 B | 0644
12-cont-fail.rules | File | 329 B | 0644
12-ignore-error.rules | File | 323 B | 0644
20-dont-audit.rules | File | 516 B | 0644
21-no32bit.rules | File | 273 B | 0644
22-ignore-chrony.rules | File | 252 B | 0644
23-ignore-filesystems.rules | File | 506 B | 0644
30-nispom.rules | File | 4.8 KB | 0644
30-ospp-v42.rules | File | 10.15 KB | 0644
30-pci-dss-v31.rules | File | 5.81 KB | 0644
30-stig.rules | File | 6.44 KB | 0644
31-privileged.rules | File | 1.42 KB | 0644
32-power-abuse.rules | File | 213 B | 0644
40-local.rules | File | 156 B | 0644
41-containers.rules | File | 439 B | 0644
42-injection.rules | File | 672 B | 0644
43-module-load.rules | File | 398 B | 0644
70-einval.rules | File | 326 B | 0644
71-networking.rules | File | 151 B | 0644
99-finalize.rules | File | 86 B | 0644
README-rules | File | 1.17 KB | 0644