Gecko [ georgetownmover.com ]

Name	Size	Permission	Date
10-base-config.rules	244 B	-rw-r--r--	2025-09-21 11:48
10-no-audit.rules	284 B	-rw-r--r--	2025-09-21 11:48
11-loginuid.rules	93 B	-rw-r--r--	2025-09-21 11:48
12-cont-fail.rules	333 B	-rw-r--r--	2025-09-21 11:48
12-ignore-error.rules	327 B	-rw-r--r--	2025-09-21 11:48
20-dont-audit.rules	516 B	-rw-r--r--	2025-09-21 11:48
21-no32bit.rules	273 B	-rw-r--r--	2025-09-21 11:48
22-ignore-chrony.rules	254 B	-rw-r--r--	2025-09-21 11:48
23-ignore-filesystems.rules	507 B	-rw-r--r--	2025-09-21 11:48
30-nispom.rules	4.83 KB	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-1-create-failed.rules	1.46 KB	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-1-create-success.rules	746 B	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-2-modify-failed.rules	1.61 KB	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-2-modify-success.rules	826 B	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-3-access-failed.rules	625 B	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-3-access-success.rules	399 B	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-4-delete-failed.rules	562 B	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-4-delete-success.rules	284 B	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-5-perm-change-failed.rules	816 B	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-5-perm-change-success.rules	414 B	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-6-owner-change-failed.rules	579 B	-rw-r--r--	2025-09-21 11:48
30-ospp-v42-6-owner-change-success.rules	295 B	-rw-r--r--	2025-09-21 11:48
30-ospp-v42.rules	9.1 KB	-rw-r--r--	2025-09-21 11:48
30-pci-dss-v31.rules	8.18 KB	-rw-r--r--	2025-09-21 11:48
30-stig.rules	9.25 KB	-rw-r--r--	2025-09-21 11:48
31-privileged.rules	1.56 KB	-rw-r--r--	2025-09-21 11:48
32-power-abuse.rules	213 B	-rw-r--r--	2025-09-21 11:48
40-local.rules	180 B	-rw-r--r--	2025-09-21 11:48
41-containers.rules	439 B	-rw-r--r--	2025-09-21 11:48
42-injection.rules	672 B	-rw-r--r--	2025-09-21 11:48
43-module-load.rules	398 B	-rw-r--r--	2025-09-21 11:48
44-installers.rules	1.23 KB	-rw-r--r--	2025-09-21 11:48
70-einval.rules	326 B	-rw-r--r--	2025-09-21 11:48
71-networking.rules	151 B	-rw-r--r--	2025-09-21 11:48
99-finalize.rules	86 B	-rw-r--r--	2025-09-21 11:48
README-rules	1.39 KB	-rw-r--r--	2025-09-21 11:48

Rename

##- Use of privileged commands (unsuccessful and successful)
## You can run the following commands to generate the rules (don't forget to
## add arch=b32 rules, too):
#find /bin -type f -perm -04000 2>/dev/null | awk '{ printf "-a always,exit -F arch=b64 -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $1 }' > priv.rules
#find /sbin -type f -perm -04000 2>/dev/null | awk '{ printf "-a always,exit -F arch=b64 -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $1 }' >> priv.rules
#find /usr/bin -type f -perm -04000 2>/dev/null | awk '{ printf "-a always,exit -F arch=b64 -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $1 }' >> priv.rules
#find /usr/sbin -type f -perm -04000 2>/dev/null | awk '{ printf "-a always,exit -F arch=b64 -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $1 }' >> priv.rules
#filecap /bin 2>/dev/null | sed '1d' | awk '{ printf "-a always,exit -F path=%s -F arch=b64 -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $2 }' >> priv.rules
#filecap /sbin 2>/dev/null | sed '1d' | awk '{ printf "-a always,exit -F path=%s -F arch=b64 -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $2 }' >> priv.rules
#filecap /usr/bin 2>/dev/null | sed '1d' | awk '{ printf "-a always,exit -F arch=b64 -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $2 }' >> priv.rules
#filecap /usr/sbin 2>/dev/null | sed '1d' | awk '{ printf "-a always,exit -F arch=b64 -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $2 }' >> priv.rules