## This file contains a sample audit configuration intended to
## meet the NISPOM Chapter 8 rules. This rule depends on having
## 10-base-config.rules & 99-finalize.rules installed.
##
## Reading the rules below:
##  - each syscall rule is written once per ABI (arch=b32 and arch=b64),
##    so a call made through either syscall table is matched;
##  - -F exit=-ERRNO restricts a rule to calls that returned that error,
##    which is how the "unsuccessful" sections select denied attempts;
##  - -w PATH -p wa watches PATH for writes (w) and attribute changes (a);
##  - key= / -k tags the resulting records so they can be searched by key.

## Audit 1, 1(a) Enough information to determine the date and time of
## action (e.g., common network time), the system locale of the action,
## the system entity that initiated or completed the action, the resources
## involved, and the action involved.

## Things that could affect time
## stime is listed only in the b32 rule; the b64 rule lists adjtimex and
## settimeofday (presumably because the 64-bit syscall table has no stime;
## confirm for the target architecture).
-a always,exit -F arch=b32 -S adjtimex,settimeofday,stime -F key=time-change
-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=time-change
## a0 is the first syscall argument, so clock_settime is recorded only when
## that argument is 0x0 (CLOCK_REALTIME in the Linux headers; confirm).
## Calls that set any other clock id are not matched by these two rules.
-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change
-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change
# Introduced in 2.6.39, commented out because it can make false positives
#-a always,exit -F arch=b32 -S clock_adjtime -F key=time-change
#-a always,exit -F arch=b64 -S clock_adjtime -F key=time-change
-w /etc/localtime -p wa -k time-change

## Things that could affect system locale
-a always,exit -F arch=b32 -S sethostname,setdomainname -F key=system-locale
-a always,exit -F arch=b64 -S sethostname,setdomainname -F key=system-locale
-w /etc/issue -p wa -k system-locale
-w /etc/issue.net -p wa -k system-locale
-w /etc/hosts -p wa -k system-locale
-w /etc/hostname -p wa -k system-locale
-w /etc/sysconfig/network -p wa -k system-locale
## Same write/attribute filter and key as the watches above, written in the
## syscall-rule form with dir= so it applies to the directory named here.
-a always,exit -F dir=/etc/NetworkManager/ -F perm=wa -F key=system-locale

## Audit 1, 1(b) Successful and unsuccessful logons and logoffs.
## This is covered by patches to login, gdm, and openssh
## Might also want to watch these files if needing extra information
## The five watches below are shipped disabled.
## NOTE(review): which of these paths exist depends on the login/PAM setup
## of the host; check before enabling.
#-w /var/log/tallylog -p wa -k logins
#-w /var/run/faillock/ -p wa -k logins
#-w /var/log/lastlog -p wa -k logins
#-w /var/log/btmp -p wa -k logins
#-w /var/run/utmp -p wa -k logins

## Audit 1, 1(c) Successful and unsuccessful accesses to
## security-relevant objects and directories, including
## creation, open, close, modification, and deletion.
## Only failed calls are selected in this section: every rule carries an
## exit= filter for EACCES, EPERM or EIO. Successful accesses are not
## recorded by any rule shown here.

## unsuccessful creation
## NOTE(review): the EACCES and EPERM rules do not list the same syscalls.
## mkdirat appears only with EPERM, while creat, mknod, mknodat, linkat and
## symlinkat appear only with EACCES. Confirm the difference is intended
## before relying on this for coverage.
-a always,exit -F arch=b32 -S creat,link,mknod,mkdir,symlink,mknodat,linkat,symlinkat -F exit=-EACCES -F key=creation
-a always,exit -F arch=b64 -S mkdir,creat,link,symlink,mknod,mknodat,linkat,symlinkat -F exit=-EACCES -F key=creation
-a always,exit -F arch=b32 -S link,mkdir,symlink,mkdirat -F exit=-EPERM -F key=creation
-a always,exit -F arch=b64 -S mkdir,link,symlink,mkdirat -F exit=-EPERM -F key=creation

## unsuccessful open
-a always,exit -F arch=b32 -S open,openat,openat2,open_by_handle_at -F exit=-EACCES -F key=open
-a always,exit -F arch=b64 -S open,openat,openat2,open_by_handle_at -F exit=-EACCES -F key=open
-a always,exit -F arch=b32 -S open,openat,openat2,open_by_handle_at -F exit=-EPERM -F key=open
-a always,exit -F arch=b64 -S open,openat,openat2,open_by_handle_at -F exit=-EPERM -F key=open

## unsuccessful close
## Matches close() only when it returned EIO.
-a always,exit -F arch=b32 -S close -F exit=-EIO -F key=close
-a always,exit -F arch=b64 -S close -F exit=-EIO -F key=close

## unsuccessful modifications
## NOTE(review): the syscall list is rename, renameat, truncate, chmod and
## the path-based xattr calls. Variants such as renameat2, ftruncate,
## fchmod, fchmodat, fsetxattr and fremovexattr are not listed, and no
## ownership-change syscall is in this section. Decide whether local
## policy needs them covered by another rules file.
-a always,exit -F arch=b32 -S rename -S renameat -S truncate -S chmod -S setxattr -S lsetxattr -S removexattr -S lremovexattr -F exit=-EACCES -F key=mods
-a always,exit -F arch=b64 -S rename -S renameat -S truncate -S chmod -S setxattr -S lsetxattr -S removexattr -S lremovexattr -F exit=-EACCES -F key=mods
-a always,exit -F arch=b32 -S rename -S renameat -S truncate -S chmod -S setxattr -S lsetxattr -S removexattr -S lremovexattr -F exit=-EPERM -F key=mods
-a always,exit -F arch=b64 -S rename -S renameat -S truncate -S chmod -S setxattr -S lsetxattr -S removexattr -S lremovexattr -F exit=-EPERM -F key=mods

## unsuccessful deletion
-a always,exit -F arch=b32 -S unlink,rmdir,unlinkat -F exit=-EACCES -F key=delete
-a always,exit -F arch=b64 -S rmdir,unlink,unlinkat -F exit=-EACCES -F key=delete
-a always,exit -F arch=b32 -S unlink,rmdir,unlinkat -F exit=-EPERM -F key=delete
-a always,exit -F arch=b64 -S rmdir,unlink,unlinkat -F exit=-EPERM -F key=delete

## Audit 1, 1(d) Changes in user authenticators.
## Covered by patches to libpam, passwd, and shadow-utils
## Might also want to watch these files for changes
## The filter is -p wa, so writes and attribute changes are recorded;
## reads of these files (including /etc/shadow) are not.
-w /etc/group -p wa -k auth
-w /etc/passwd -p wa -k auth
-w /etc/gshadow -p wa -k auth
-w /etc/shadow -p wa -k auth
-w /etc/security/opasswd -p wa -k auth

## Audit 1, 1(e) The blocking or blacklisting of a user ID,
## terminal, or access port and the reason for the action.
## Covered by patches to pam_tally2 or pam_faillock and pam_limits

## Audit 1, 1(f) Denial of access resulting from an excessive
## number of unsuccessful logon attempts.
## Covered by patches to pam_tally2 or pam_faillock

## Audit 1, 2 Audit Trail Protection. The contents of audit trails
## shall be protected against unauthorized access, modification,
## or deletion.
## This should be covered by file permissions, but we can watch it
## to see any activity
## Unlike the other watches in this file, this one has no -p filter.
## NOTE(review): auditctl is understood to default to all access types
## (read, write, execute, attribute) when -p is omitted; confirm, and
## expect more records from this watch than from the -p wa ones.
## The watch only records access; it does not itself protect the logs.
-w /var/log/audit/ -k audit-logs