pratyush/arch-conf-install
Archived
1
0
Fork 0
Code Issues 5 Pull Requests Projects 1 Releases Wiki Activity
This repository has been archived on 2022-06-28. You can view files and clone it, but cannot push or open issues or pull requests.
88f2a9eb8a
arch-conf-install/services/audit-framework/auditd/.auread-aliases
Pratyush Desai d62cf1510f auditd configuration 
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2021-12-16 03:44:17 +05:30

21 lines
580 B
Bash
Raw Blame History

#!/bin/bash
# aureport and ausearch
alias aurepwk='aureport --start this-week'
alias aurepwkv='aureport --start this-week --key --summary'
# syscall audit rule for failure to open files due to EPERM with key field access
# add to syscall.rules
# -a always,exit -F arch=b64 -S open -S openat -F exit=-EPERM -k access
# check which files have been attempted
alias aurfilist='ausearch --start this-week -k access --raw | aureport --file --summary'
# check the user accounts implicated
alias aurlusfi='ausearch --start this-week -k access --raw | aureport --user --summary'
Reference in New Issue View Git Blame Copy Permalink