Tree - rpms/scap-security-guide

ggbecker / rpms / scap-security-guide

Forked from rpms/scap-security-guide 4 years ago

Source
Stats

Blame SOURCES/scap-security-guide-0.1.41-audit_misc_improvements.patch

Blob History Raw

		7629ac	`diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_rename.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_rename.rule`
		7629ac	`index 3fdcb3e89d..33b8371e91 100644`
		7629ac	`--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_rename.rule`
		7629ac	`+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_rename.rule`
		7629ac	`@@ -42,5 +42,6 @@ warnings:`
		7629ac	`- general: \|-`
		7629ac	`Note that these rules can be configured in a`
		7629ac	`number of ways while still achieving the desired effect. Here the system calls`
		7629ac	`- have been placed independent of other system calls. Grouping these system`
		7629ac	`- calls with others as identifying earlier in this guide is more efficient.`
		7629ac	`+ have been placed independent of other system calls. Grouping system calls related`
		7629ac	`+ to the same event is more efficient. See the following example:`
		7629ac	`+ -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete`
		7629ac	`diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_renameat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_renameat.rule`
		7629ac	`index 848ea3256e..7f9093fcd2 100644`
		7629ac	`--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_renameat.rule`
		7629ac	`+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_renameat.rule`
		7629ac	`@@ -42,5 +42,6 @@ warnings:`
		7629ac	`- general: \|-`
		7629ac	`Note that these rules can be configured in a`
		7629ac	`number of ways while still achieving the desired effect. Here the system calls`
		7629ac	`- have been placed independent of other system calls. Grouping these system`
		7629ac	`- calls with others as identifying earlier in this guide is more efficient.`
		7629ac	`+ have been placed independent of other system calls. Grouping system calls related`
		7629ac	`+ to the same event is more efficient. See the following example:`
		7629ac	`+ -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete`
		7629ac	`diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlink.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlink.rule`
		7629ac	`index 8a64a965ea..f898cc5686 100644`
		7629ac	`--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlink.rule`
		7629ac	`+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlink.rule`
		7629ac	`@@ -42,5 +42,6 @@ warnings:`
		7629ac	`- general: \|-`
		7629ac	`Note that these rules can be configured in a`
		7629ac	`number of ways while still achieving the desired effect. Here the system calls`
		7629ac	`- have been placed independent of other system calls. Grouping these system`
		7629ac	`- calls with others as identifying earlier in this guide is more efficient.`
		7629ac	`+ have been placed independent of other system calls. Grouping system calls related`
		7629ac	`+ to the same event is more efficient. See the following example:`
		7629ac	`+ -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete`
		7629ac	`diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlinkat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlinkat.rule`
		7629ac	`index c89d7d880b..7c5403361c 100644`
		7629ac	`--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlinkat.rule`
		7629ac	`+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlinkat.rule`
		7629ac	`@@ -42,5 +42,6 @@ warnings:`
		7629ac	`- general: \|-`
		7629ac	`Note that these rules can be configured in a`
		7629ac	`number of ways while still achieving the desired effect. Here the system calls`
		7629ac	`- have been placed independent of other system calls. Grouping these system`
		7629ac	`- calls with others as identifying earlier in this guide is more efficient.`
		7629ac	`+ have been placed independent of other system calls. Grouping system calls related`
		7629ac	`+ to the same event is more efficient. See the following example:`
		7629ac	`+ -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete`

ggbecker / rpms / scap-security-guide

Source Code

Blame SOURCES/scap-security-guide-0.1.41-audit_misc_improvements.patch