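---
# auditbeat: audit execve() calls made by login sessions in a fixed auid range
# and ship the records to Elasticsearch.
auditbeat.modules:
  - module: auditd
    # Kernel audit rules are matched in order, so the two `never` rules must stay
    # first: they drop syscall records for unattributed sessions (auid=unset,
    # e.g. daemons started at boot) and for sessions that logged in directly as
    # root (auid=0) before any of the execve rules below are consulted.
    # Consequence: a direct root login is not audited by this ruleset at all;
    # only privilege gained from a 2000..2099 session is (see `rootact`).
    audit_rules: |
      -a never,exit -F auid=unset -S all
      -a never,exit -F auid=0 -S all
      # execve by a login session with auid 2000..2099 that is running with
      # euid 0, i.e. privilege obtained after login (sudo, su, setuid binary).
      -a exit,always -F arch=b64 -F auid!=unset -F euid=0 -F auid>=2000 -F auid<=2099 -S execve -k rootact
      -a exit,always -F arch=b32 -F auid!=unset -F euid=0 -F auid>=2000 -F auid<=2099 -S execve -k rootact
      # execve by the same auid range while running as an unprivileged
      # euid (>=1000).  Both arch=b64 and arch=b32 are needed because a
      # 32-bit binary on a 64-bit kernel would otherwise bypass the rule.
      -a exit,always -F arch=b64 -F auid!=unset -F euid>=1000 -F auid>=2000 -F auid<=2099 -S execve -k useract
      -a exit,always -F arch=b32 -F auid!=unset -F euid>=1000 -F auid>=2000 -F auid<=2099 -S execve -k useract

# Index template management is disabled: the template must already exist on
# the cluster, otherwise fields are mapped dynamically on first write.
setup.template.enabled: false

output.elasticsearch:
  # NOTE(review): the endpoint is plain http:// and no username/password or
  # api_key is configured here, so audit records leave the host in cleartext
  # and — unless the cluster enforces authentication by other means — any
  # client that can reach port 9200 can write to or tamper with the index.
  # An https:// host with ssl.certificate_authorities plus credentials is the
  # expected shape for audit data; the host value is kept as given.
  hosts: ["http://xyz.com:9200"]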