- # This file contains the auditctl rules that are loaded
- # whenever the audit daemon is started via the initscripts.
- # The rules are simply the parameters that would be passed
- # to auditctl.
- # First rule - delete all
- -D
- # Increase the buffers to survive stress events.
- # Make this bigger for busy systems
- -b 8096
- # Feel free to add below this line. See auditctl man page
- -w /var/spool/atspool
- -w /etc/at.allow
- -w /etc/at.deny
- #-w /etc/cron.allow -p wa
- #-w /etc/cron.deny -p wa
- #-w /etc/cron.d/ -p wa
- #-w /etc/cron.daily/ -p wa
- #-w /etc/cron.hourly/ -p wa
- #-w /etc/cron.monthly/ -p wa
- #-w /etc/cron.weekly/ -p wa
- -w /etc/crontab -p wa
- -w /var/spool/cron/root
- -w /usr/sbin/sendmail.postfix
- -w /usr/sbin/sendmail
- -w /etc/group -p wa
- -w /etc/passwd -p wa
- -w /etc/shadow
- -w /etc/login.defs -p wa
- -w /etc/securetty
- -w /var/log/faillog
- -w /var/log/lastlog
- -w /etc/hosts -p wa
- -w /etc/sysconfig/
- -w /etc/inittab -p wa
- -w /etc/init.d/
- -w /etc/init.d/auditd -p wa
- -w /etc/ld.so.conf -p wa
- -w /etc/localtime -p wa
- -w /etc/sysctl.conf -p wa
- -w /etc/modprobe.d/
- -w /etc/modprobe.conf.local -p wa
- -w /etc/modprobe.conf -p wa
- #-w /etc/pam.d/
- -w /etc/aliases -p wa
- #-w /etc/exim/ -p wa
- -w /etc/httpd/
- -w /usr/bin/perl
- -w /root -S execve
- -w /etc/ssh/sshd_config