Skip to content

Commit

Permalink
Update audit.rules
Browse files Browse the repository at this point in the history 
fix: #125
  • Loading branch information
@Neo23x0
Neo23x0 authored Jan 9, 2024
1 parent 639bad5 commit dfb7898
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion audit.rules
View file
Original file line number Diff line number Diff line change
Expand Up @@ -461,7 +461,7 @@

## Privilege Abuse
### The purpose of this rule is to detect when an admin may be abusing power by looking in user's home dir.
-a always,exit -F dir=/home -F uid=0 -F auid>=1000 -F auid!=-1 -C auid!=obj_uid -k power_abuse
-a always,exit -F dir=/home -F auid=0 -F auid>=1000 -F auid!=-1 -C auid!=obj_uid -k power_abuse

# Socket Creations
# will catch both IPv4 and IPv6
Expand Down

0 comments on commit dfb7898

Please sign in to comment.