issue #452 addressed
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
uk-bolly committed Mar 5, 2024
1 parent dfe8425 commit 540b8ed
Showing 1 changed file with 22 additions and 22 deletions.
44 changes: 22 additions & 22 deletions templates/audit/99_auditd.rules.j2
@@ -30,19 +30,19 @@
{% endif %}

{% if rhel_07_030560 %}
-a always,exit -F path=/usr/sbin/semanage -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
{% endif %}

{% if rhel_07_030570 %}
-a always,exit -F path=/usr/sbin/setsebool -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
{% endif %}

{% if rhel_07_030580 %}
-a always,exit -F path=/usr/bin/chcon -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
{% endif %}

{% if rhel_07_030590 %}
-a always,exit -F path=/usr/sbin/setfiles -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
{% endif %}

{% if rhel_07_030610 %}
@@ -54,31 +54,31 @@
{% endif %}

{% if rhel_07_030630 %}
-a always,exit -F path=/usr/bin/passwd -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-passwd
-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-passwd
{% endif %}

{% if rhel_07_030640 %}
-a always,exit -F path=/usr/sbin/unix_chkpwd -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-passwd
-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-passwd
{% endif %}

{% if rhel_07_030650 %}
-a always,exit -F path=/usr/bin/gpasswd -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-passwd
-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-passwd
{% endif %}

{% if rhel_07_030660 %}
-a always,exit -F path=/usr/bin/chage -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-passwd
-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-passwd
{% endif %}

{% if rhel_07_030670 %}
-a always,exit -F path=/usr/sbin/userhelper -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-passwd
-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-passwd
{% endif %}

{% if rhel_07_030680 %}
-a always,exit -F path=/usr/bin/su -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
-a always,exit -F path=/usr/bin/su -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
{% endif %}

{% if rhel_07_030690 %}
-a always,exit -F path=/usr/bin/sudo -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
{% endif %}

{% if rhel_07_030700 %}
@@ -87,41 +87,41 @@
{% endif %}

{% if rhel_07_030710 %}
-a always,exit -F path=/usr/bin/newgrp -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
{% endif %}

{% if rhel_07_030720 %}
-a always,exit -F path=/usr/bin/chsh -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-priv_change
{% endif %}

{% if rhel_07_030740 %}
-a always,exit -F arch=b32 -S mount -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-mount
-a always,exit -F arch=b64 -S mount -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-mount
-a always,exit -F path=/usr/bin/mount -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-mount
-a always,exit -F arch=b32 -S mount -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-mount
-a always,exit -F arch=b64 -S mount -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-mount
-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-mount
{% endif %}

{% if rhel_07_030750 %}
-a always,exit -F path=/usr/bin/umount -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-mount
-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-mount
{% endif %}

{% if rhel_07_030760 %}
-a always,exit -F path=/usr/sbin/postdrop -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-postfix
-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-postfix
{% endif %}

{% if rhel_07_030770 %}
-a always,exit -F path=/usr/sbin/postqueue -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-postfix
-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-postfix
{% endif %}

{% if rhel_07_030780 %}
-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-ssh
-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-ssh
{% endif %}

{% if rhel_07_030800 %}
-a always,exit -F path=/usr/bin/crontab -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-cron
-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-cron
{% endif %}

{% if rhel_07_030810 %}
-a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-pam
-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-pam
{% endif %}

{% if rhel_07_030819 %}
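Review bot: The two `-S mount` syscall rules under `rhel_07_030740` carry `-F perm=x` just like the path watches, but as far as I know `perm` is matched against the class of the triggering syscall, so a rule on `mount` with `perm=x` would presumably never fire. If so, mount operations that do not go through `/usr/bin/mount` would no longer be recorded under `privileged-mount`, which is a loss of audit coverage rather than a tightening. Keep `-F perm=x` only on the `-F path=/usr/bin/mount` line and leave the syscall lines as `-a always,exit -F arch=b64 -S mount -F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset -k privileged-mount` (likewise for `arch=b32`). Please confirm on a test host by loading the rendered rules, checking `auditctl -l`, and running `ausearch -k privileged-mount` after a mount.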
