Modify 8.1.21 for all privileged passwd events

Samson-W 2018-10-21 02:59:16 +08:00
parent 4c2aeead84
commit 395053deb9


@ -5,7 +5,7 @@
#
#
# 8.1.19 Recored /usr/bin/passwd command usage (Scored)
# 8.1.19 Recored Events that privileged-passwd command usage (Scored)
# Authors : Samson wen, Samson <sccxboy@gmail.com>
#
@ -14,7 +14,11 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
AUDIT_PARAMS='-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
FILE='/etc/audit/audit.rules'
# This function will be called if the script status is on enabled / audit mode
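Review bot: The new multi-line `AUDIT_PARAMS` only works if the code that consumes it treats each line as one complete rule, and that code (the audit and apply functions) begins after this hunk and is not visible here. Under default word splitting, a `for` loop over `$AUDIT_PARAMS` would check and append fragments such as `-a` or `-F` instead of whole rules, so the loop should run with `IFS=$'\n'` and restore the saved IFS afterwards. I would also add `# one audit rule per line; split on newlines only` above the assignment. Separately, the four paths are hard-coded, and `/sbin/unix_chkpwd` in particular may sit elsewhere on some layouts. A rule whose path is missing may be rejected when the rules are loaded, leaving a gap in the `privileged-passwd` trail, so it is worth confirming each path exists before it is written to `/etc/audit/audit.rules`.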