Giter Site home page Giter Site logo

auditd-attack's People

Contributors

bfuzzy avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

threatinteltest chubbymaggie felixwangchao techlord-rce vlakas elastickent 0xbadca7 jack51706 monad-one jkohrman p3t3rp4rk3r orf53975 flycrane fijimunkii b1gw00d t3nebre d066y jameschen79 hapazores descendency ademkanat npaulhus tuantmb cstayyab ion-storm sgnls yoda-sec superuser5 psjoshi tsoderstrom prime9 mapbased dadamnmayne raddkatt beerandgin buysse c0010 5up3rc futurebody triplekill keyboardmonkey h4ppy7ree 0x6b7966 soumick123 simonclausen diggold langitio acumenix tigerlyb secretnonempty adampielak gary561 avitg andyallan marciopocebon smolige001 adamsmesher morgan-atwood skirankumar 0-1-2-3-4 pilgrimw ktroberson blue-infosec piggypage fgwsq pedramjm nextcup isamalrikabi 5l1v3r1 jclingensmith zt3r1 umasolution dainperkins c4nonur magnologan robben-ar chrisbalmer webvul exiahan cybert3ch tank0226 awesome-attack haodketernal chennqqi typhoidmary jmccar ananth-kumar12 tnyyli tskinnerarlo timb-machine-mirrors dfw1n letmax6831 joker2013 zouxiaoliang bigbrobro cybernewbies arstercz jerry-bond odymit flyr4nk

auditd-attack's Issues

Error in audit.rules

I'm getting this, when trying to apply a copy of the rules files:

-F unknown field: uid
There was an error in line 18 of /etc/audit/audit.rules
Error sending add rule data request (No such file or directory)
There was an error in line 83 of /etc/audit/audit.rules

The two offending lines are:

-a never,exit -F arch=b64 -S adjtimex -F auid=unset -F uid=chrony -F subj_type=chronyd_t

-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts

Not sure about the problem with the uid, but the "No such file or directory" makes sense, because I don't have /usr/libexec/openssh/ssh-keysign.

Commenting out those two lines worked for me. I suspect that this is related to my Linux distribution and version? If so, we should probably add a note about supported distros (or which distros the rules file has been tested on) to the README.

I'm on auditd v2.8.2 and here are my OS details:

NAME="Ubuntu"
VERSION="18.04.1 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.1 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

Auditd Service

Hi,
I'm trying to run the auditd service with rules based on this Best Practice on Ubuntu 16.04 and i'm having some troubles-
I started with installing the auditd package with the command: "apt-get install auditd audispd-plugins".
Next, I switched the /etc/audit/audit.rules with my audit.rules file
And finally, I restarted the auditd service: "services auditd restart"

The problem:
When I'm running the "service auditd status" command I have this message-
Active: active (running) since ......
Process: 3728 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, status=1/FALIURE)

Please help me find the right solution.
Thank you,
AgentsOfShield

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.