install-script #7
11
scripts/install.sh
Normal file
11
scripts/install.sh
Normal file
@ -0,0 +1,11 @@
|
||||
#!/bin/bash
|
||||
|
||||
|
||||
|
||||
# install yay
|
||||
cd ~
|
||||
git clone https://aur.archlinux.org/yay.git
|
||||
cd yay
|
||||
makepkg -si
|
||||
cd ..
|
||||
sudo rm -rf yay
|
20
services/audit-framework/auditd/.auread-aliases
Normal file
20
services/audit-framework/auditd/.auread-aliases
Normal file
@ -0,0 +1,20 @@
|
||||
#!/bin/bash
|
||||
|
||||
# aureport and ausearch
|
||||
|
||||
alias aurepwk='aureport --start this-week'
|
||||
alias aurepwkv='aureport --start this-week --key --summary'
|
||||
|
||||
# syscall audit rule for failure to open files due to EPERM with key field access
|
||||
|
||||
# add to syscall.rules
|
||||
# -a always,exit -F arch=b64 -S open -S openat -F exit=-EPERM -k access
|
||||
|
||||
# check which files have been attempted
|
||||
alias aurfilist='ausearch --start this-week -k access --raw | aureport --file --summary'
|
||||
|
||||
# check the user accounts implicated
|
||||
|
||||
alias aurlusfi='ausearch --start this-week -k access --raw | aureport --user --summary'
|
||||
|
||||
|
0
services/audit-framework/auditd/auditd.conf
Normal file
0
services/audit-framework/auditd/auditd.conf
Normal file
0
services/audit-framework/auditd/auditd.rules
Normal file
0
services/audit-framework/auditd/auditd.rules
Normal file
3
services/audit-framework/auditd/rules.d/file.rules
Normal file
3
services/audit-framework/auditd/rules.d/file.rules
Normal file
@ -0,0 +1,3 @@
|
||||
-w /etc/passwd -p rwxa
|
||||
-w /etc/sudoers -p rwxa
|
||||
-w /etc/nftables.conf -p rwxa
|
4
services/audit-framework/auditd/rules.d/syscalls.rules
Normal file
4
services/audit-framework/auditd/rules.d/syscalls.rules
Normal file
@ -0,0 +1,4 @@
|
||||
|
||||
-a entry,always -S chmod
|
||||
-a entry,always -S chown
|
||||
|
Reference in New Issue
Block a user