tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add syscall create_module and finit_module to audit.rules

Browse Source
This commit is contained in:
Samson-W 2018-10-22 03:16:02 +08:00
parent 1bce989b10
commit cb592a62fa
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/hardening/8.1.17_record_kernel_modules.sh
View File

@ -16,7 +16,9 @@ HARDENING_LEVEL=4
AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-a always,exit -F arch=b64 -S init_module -S delete_module -k modules'
-a always,exit -F arch=b32 -S init_module -S delete_module -S create_module -S finit_module -k modules
-a always,exit -F arch=b64 -S init_module -S delete_module -S create_module -S finit_module -k modules'
FILE='/etc/audit/audit.rules'
# This function will be called if the script status is on enabled / audit mode