File: audit.yml

scap-security-guide 0.1.79-1
# Group IDs listed for the entry named in `name:` below (file title: audit.yml).
# NOTE(review): presumably these are benchmark group IDs whose definitions live
# elsewhere in scap-security-guide; nothing in this file defines them - confirm.
groups:
- audit_dac_actions
- audit_execution_acl_commands
- audit_execution_selinux_commands
- audit_file_deletion_events
- audit_file_modification
- audit_kernel_module_loading
- audit_login_events
- audit_privileged_commands
- audit_time_rules
- auditd_configure_rules
- auditing
- configure_auditd_data_retention
# Identifier of the entry this file describes; it matches the file name
# (audit.yml) without the extension.
name: audit
# Package names associated with this entry.
# NOTE(review): two spellings of the dispatcher-plugin package appear
# (audispd-plugins, audit-audispd-plugins), presumably because the package is
# named differently across distributions - confirm against the consumers.
packages:
- audispd-plugins
- audit
- audit-audispd-plugins
- audit-libs
# Rule IDs listed for this entry. This file only enumerates IDs; it does not
# show what each rule checks or which profiles select it, so presence here is
# not evidence that a given system is actually evaluated against the rule.
# IDs ending in _aarch64 / _ppc64le appear to be architecture-specific variants
# of the unsuffixed rule - TODO confirm against the rule definitions.
rules:
- audit_access_failed
- audit_access_failed_aarch64
- audit_access_failed_ppc64le
- audit_access_success
- audit_access_success_aarch64
- audit_access_success_ppc64le
- audit_basic_configuration
- audit_create_failed
- audit_create_failed_aarch64
- audit_create_failed_ppc64le
- audit_create_success
- audit_create_success_aarch64
- audit_create_success_ppc64le
- audit_delete_failed
- audit_delete_failed_aarch64
- audit_delete_failed_ppc64le
- audit_delete_success
- audit_delete_success_aarch64
- audit_delete_success_ppc64le
- audit_immutable_login_uids
- audit_modify_failed
- audit_modify_failed_aarch64
- audit_modify_failed_ppc64le
- audit_modify_success
- audit_modify_success_aarch64
- audit_modify_success_ppc64le
# NOTE(review): audit_module_load has only a _ppc64le variant, whereas the
# neighbouring audit_* families list both _aarch64 and _ppc64le - confirm that
# the missing aarch64 variant is intentional.
- audit_module_load
- audit_module_load_ppc64le
- audit_ospp_general
- audit_ospp_general_aarch64
- audit_ospp_general_ppc64le
- audit_owner_change_failed
- audit_owner_change_failed_aarch64
- audit_owner_change_failed_ppc64le
- audit_owner_change_success
- audit_owner_change_success_aarch64
- audit_owner_change_success_ppc64le
- audit_perm_change_failed
- audit_perm_change_failed_aarch64
- audit_perm_change_failed_ppc64le
- audit_perm_change_success
- audit_perm_change_success_aarch64
- audit_perm_change_success_ppc64le
- audit_privileged_commands_init
- audit_privileged_commands_poweroff
- audit_privileged_commands_reboot
- audit_privileged_commands_shutdown
- audit_rules_continue_loading
- audit_rules_dac_modification_chmod
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
- audit_rules_dac_modification_fsetxattr
- audit_rules_dac_modification_lchown
- audit_rules_dac_modification_lremovexattr
- audit_rules_dac_modification_lsetxattr
- audit_rules_dac_modification_removexattr
- audit_rules_dac_modification_setxattr
- audit_rules_dac_modification_umount
- audit_rules_dac_modification_umount2
- audit_rules_enable_syscall_auditing
- audit_rules_etc_group_open
- audit_rules_etc_group_open_by_handle_at
- audit_rules_etc_group_openat
- audit_rules_etc_gshadow_open
- audit_rules_etc_gshadow_open_by_handle_at
- audit_rules_etc_gshadow_openat
- audit_rules_etc_passwd_open
- audit_rules_etc_passwd_open_by_handle_at
- audit_rules_etc_passwd_openat
- audit_rules_etc_shadow_open
- audit_rules_etc_shadow_open_by_handle_at
- audit_rules_etc_shadow_openat
- audit_rules_execution_chacl
- audit_rules_execution_chcon
- audit_rules_execution_chmod
- audit_rules_execution_restorecon
- audit_rules_execution_rm
- audit_rules_execution_semanage
- audit_rules_execution_setfacl
- audit_rules_execution_setfiles
- audit_rules_execution_setsebool
- audit_rules_execution_seunshare
- audit_rules_file_deletion_events
- audit_rules_file_deletion_events_rename
- audit_rules_file_deletion_events_renameat
- audit_rules_file_deletion_events_renameat2
- audit_rules_file_deletion_events_rmdir
- audit_rules_file_deletion_events_unlink
- audit_rules_file_deletion_events_unlinkat
- audit_rules_for_ospp
- audit_rules_immutable
- audit_rules_immutable_login_uids
- audit_rules_kernel_module_loading
- audit_rules_kernel_module_loading_create
- audit_rules_kernel_module_loading_delete
- audit_rules_kernel_module_loading_finit
- audit_rules_kernel_module_loading_init
- audit_rules_kernel_module_loading_query
- audit_rules_login_events
- audit_rules_login_events_faillock
- audit_rules_login_events_faillog
- audit_rules_login_events_lastlog
- audit_rules_login_events_tallylog
- audit_rules_mac_modification
- audit_rules_mac_modification_etc_apparmor
- audit_rules_mac_modification_etc_apparmor_d
- audit_rules_mac_modification_etc_selinux
- audit_rules_mac_modification_usr_share
- audit_rules_media_export
- audit_rules_networkconfig_modification
- audit_rules_networkconfig_modification_etc_hosts
- audit_rules_networkconfig_modification_etc_issue
- audit_rules_networkconfig_modification_etc_issue_net
- audit_rules_networkconfig_modification_etc_networkmanager_system_connections
- audit_rules_networkconfig_modification_etc_sysconfig_network
- audit_rules_networkconfig_modification_hostname_file
- audit_rules_networkconfig_modification_network_scripts
- audit_rules_networkconfig_modification_networkmanager
- audit_rules_networkconfig_modification_setdomainname
- audit_rules_networkconfig_modification_sethostname
- audit_rules_privileged_commands
- audit_rules_privileged_commands_apparmor_parser
- audit_rules_privileged_commands_at
- audit_rules_privileged_commands_chage
- audit_rules_privileged_commands_chfn
- audit_rules_privileged_commands_chsh
- audit_rules_privileged_commands_crontab
- audit_rules_privileged_commands_dbus_daemon_launch_helper
- audit_rules_privileged_commands_fdisk
- audit_rules_privileged_commands_fusermount
- audit_rules_privileged_commands_fusermount3
- audit_rules_privileged_commands_gpasswd
- audit_rules_privileged_commands_grub2_set_bootflag
- audit_rules_privileged_commands_insmod
- audit_rules_privileged_commands_kmod
- audit_rules_privileged_commands_modprobe
- audit_rules_privileged_commands_mount
- audit_rules_privileged_commands_mount_nfs
- audit_rules_privileged_commands_newgidmap
- audit_rules_privileged_commands_newgrp
- audit_rules_privileged_commands_newuidmap
- audit_rules_privileged_commands_pam_timestamp_check
- audit_rules_privileged_commands_passmass
- audit_rules_privileged_commands_passwd
- audit_rules_privileged_commands_pkexec
- audit_rules_privileged_commands_polkit_helper
- audit_rules_privileged_commands_postdrop
- audit_rules_privileged_commands_postqueue
- audit_rules_privileged_commands_pt_chown
- audit_rules_privileged_commands_rmmod
- audit_rules_privileged_commands_sssd_krb5_child
- audit_rules_privileged_commands_sssd_ldap_child
- audit_rules_privileged_commands_sssd_proxy_child
- audit_rules_privileged_commands_sssd_selinux_child
- audit_rules_privileged_commands_ssh_agent
- audit_rules_privileged_commands_ssh_keysign
- audit_rules_privileged_commands_su
- audit_rules_privileged_commands_sudo
- audit_rules_privileged_commands_sudoedit
- audit_rules_privileged_commands_umount
- audit_rules_privileged_commands_unix2_chkpwd
- audit_rules_privileged_commands_unix_chkpwd
- audit_rules_privileged_commands_unix_update
- audit_rules_privileged_commands_userhelper
- audit_rules_privileged_commands_usermod
- audit_rules_privileged_commands_usernetctl
- audit_rules_privileged_commands_utempter
- audit_rules_privileged_commands_write
- audit_rules_session_events
- audit_rules_session_events_btmp
- audit_rules_session_events_utmp
- audit_rules_session_events_wtmp
# NOTE(review): the successful_file_modification_* family lists rename and
# renameat but no renameat2, while the unsuccessful_file_modification_* and
# file_deletion_events_* families include renameat2. Likewise fchmodat2 appears
# only under dac_modification_*. Confirm these asymmetries are intended.
- audit_rules_successful_file_modification_chmod
- audit_rules_successful_file_modification_chown
- audit_rules_successful_file_modification_creat
- audit_rules_successful_file_modification_fchmod
- audit_rules_successful_file_modification_fchmodat
- audit_rules_successful_file_modification_fchown
- audit_rules_successful_file_modification_fchownat
- audit_rules_successful_file_modification_fremovexattr
- audit_rules_successful_file_modification_fsetxattr
- audit_rules_successful_file_modification_ftruncate
- audit_rules_successful_file_modification_lchown
- audit_rules_successful_file_modification_lremovexattr
- audit_rules_successful_file_modification_lsetxattr
- audit_rules_successful_file_modification_open
- audit_rules_successful_file_modification_open_by_handle_at
- audit_rules_successful_file_modification_open_by_handle_at_o_creat
- audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write
- audit_rules_successful_file_modification_open_o_creat
- audit_rules_successful_file_modification_open_o_trunc_write
- audit_rules_successful_file_modification_openat
- audit_rules_successful_file_modification_openat_o_creat
- audit_rules_successful_file_modification_openat_o_trunc_write
- audit_rules_successful_file_modification_removexattr
- audit_rules_successful_file_modification_rename
- audit_rules_successful_file_modification_renameat
- audit_rules_successful_file_modification_setxattr
- audit_rules_successful_file_modification_truncate
- audit_rules_successful_file_modification_unlink
- audit_rules_successful_file_modification_unlinkat
- audit_rules_sudoers
- audit_rules_sudoers_d
- audit_rules_suid_privilege_function
- audit_rules_suid_auid_privilege_function
- audit_rules_sysadmin_actions
- audit_rules_system_shutdown
- audit_rules_time_adjtimex
- audit_rules_time_clock_settime
- audit_rules_time_settimeofday
- audit_rules_time_stime
- audit_rules_time_watch_localtime
- audit_rules_unsuccessful_file_modification
- audit_rules_unsuccessful_file_modification_chmod
- audit_rules_unsuccessful_file_modification_chown
- audit_rules_unsuccessful_file_modification_creat
- audit_rules_unsuccessful_file_modification_fchmod
- audit_rules_unsuccessful_file_modification_fchmodat
- audit_rules_unsuccessful_file_modification_fchown
- audit_rules_unsuccessful_file_modification_fchownat
- audit_rules_unsuccessful_file_modification_fremovexattr
- audit_rules_unsuccessful_file_modification_fsetxattr
- audit_rules_unsuccessful_file_modification_ftruncate
- audit_rules_unsuccessful_file_modification_lchown
- audit_rules_unsuccessful_file_modification_lremovexattr
- audit_rules_unsuccessful_file_modification_lsetxattr
- audit_rules_unsuccessful_file_modification_open
- audit_rules_unsuccessful_file_modification_open_by_handle_at
- audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat
- audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write
- audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order
- audit_rules_unsuccessful_file_modification_open_o_creat
- audit_rules_unsuccessful_file_modification_open_o_trunc_write
- audit_rules_unsuccessful_file_modification_open_rule_order
- audit_rules_unsuccessful_file_modification_openat
- audit_rules_unsuccessful_file_modification_openat_o_creat
- audit_rules_unsuccessful_file_modification_openat_o_trunc_write
- audit_rules_unsuccessful_file_modification_openat_rule_order
- audit_rules_unsuccessful_file_modification_removexattr
- audit_rules_unsuccessful_file_modification_rename
- audit_rules_unsuccessful_file_modification_renameat
- audit_rules_unsuccessful_file_modification_renameat2
- audit_rules_unsuccessful_file_modification_setxattr
- audit_rules_unsuccessful_file_modification_truncate
- audit_rules_unsuccessful_file_modification_unlink
- audit_rules_unsuccessful_file_modification_unlinkat
- audit_rules_usergroup_modification
- audit_rules_usergroup_modification_group
- audit_rules_usergroup_modification_gshadow
- audit_rules_usergroup_modification_opasswd
- audit_rules_usergroup_modification_passwd
- audit_rules_usergroup_modification_shadow
- audit_rules_usergroup_modification_nsswitch_conf
- audit_rules_usergroup_modification_pam_conf
- audit_rules_usergroup_modification_pamd
- audit_rules_var_log_journal
- audit_sudo_log_events
# By their IDs, the auditd_* entries concern the audit daemon's own settings
# (remote forwarding, disk-full and retention actions) rather than individual
# audit rules - presumably; verify against the rule definitions.
- auditd_audispd_configure_remote_server
- auditd_audispd_configure_sufficiently_large_partition
- auditd_audispd_disk_full_action
- auditd_audispd_encrypt_sent_records
- auditd_audispd_network_failure_action
- auditd_audispd_remote_daemon_activated
- auditd_audispd_remote_daemon_direction
- auditd_audispd_remote_daemon_path
- auditd_audispd_remote_daemon_type
- auditd_audispd_syslog_plugin_activated
- auditd_data_disk_error_action
- auditd_data_disk_error_action_stig
- auditd_data_disk_full_action
- auditd_data_disk_full_action_stig
- auditd_data_retention_action_mail_acct
- auditd_data_retention_admin_space_left_action
- auditd_data_retention_admin_space_left_percentage
- auditd_data_retention_flush
- auditd_data_retention_max_log_file
- auditd_data_retention_max_log_file_action
- auditd_data_retention_max_log_file_action_stig
- auditd_data_retention_num_logs
- auditd_data_retention_space_left
- auditd_data_retention_space_left_action
- auditd_data_retention_space_left_percentage
- auditd_freq
- auditd_local_events
- auditd_log_format
- auditd_name_format
- auditd_offload_logs
- auditd_overflow_action
- auditd_write_logs
- coreos_audit_backlog_limit_kernel_argument
- coreos_audit_option
- directory_access_var_log_audit
- directory_group_ownership_var_log_audit
- directory_ownership_var_log_audit
- directory_permissions_var_log_audit
- file_group_ownership_var_log_audit
- file_group_ownership_var_log_audit_stig
- file_groupownership_audit_configuration
- file_ownership_audit_configuration
- file_ownership_var_log_audit
- file_ownership_var_log_audit_stig
- file_permissions_audit_configuration
- file_permissions_etc_audit_auditd
- file_permissions_etc_audit_rulesd
- file_permissions_etc_audit_rules
- file_permissions_var_log_audit
- file_permissions_var_log_audit_stig
- grub2_audit_argument
- grub2_audit_backlog_limit_argument
- package_audispd-plugins_installed
- package_audit-audispd-plugins_installed
- package_audit-libs_installed
- package_audit_installed
- service_auditd_enabled
# The two entries below sit outside the otherwise mostly alphabetical order of
# this list; presumably they were appended later - order is kept as found.
- audit_rules_etc_cron_d
- audit_rules_var_spool_cron
# Template names listed for this entry. Several names equal prefixes of rule
# IDs in `rules:` (for example audit_rules_privileged_commands).
# NOTE(review): presumably these are the templates from which those rule
# families are generated - confirm against the project's template definitions.
templates:
- audit_file_contents
- audit_rules_dac_modification
- audit_rules_file_deletion_events
- audit_rules_login_events
- audit_rules_path_syscall
- audit_rules_privileged_commands
- audit_rules_syscall_events
- audit_rules_unsuccessful_file_modification
- audit_rules_unsuccessful_file_modification_o_creat
- audit_rules_unsuccessful_file_modification_o_trunc_write
- audit_rules_unsuccessful_file_modification_rule_order
- audit_rules_usergroup_modification
- auditd_lineinfile