RHEL audit content: /etc/audit/audit.rules
# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.
# First rule - delete all
-D
# Increase the buffers to survive stress events.
# Make this bigger for busy systems
-b 320
# Feel free to add below this line. See auditctl man page
# Enable auditing
-e 1
## login configuration and information
-w /etc/login.defs -p wa -k CFG_login.defs
-w /etc/securetty -p wa -k CFG_securetty
-w /var/log/faillog -p wa -k LOG_faillog
-w /var/log/lastlog -p wa -k LOG_lastlog
-w /var/log/tallylog -p wa -k LOG_tallylog
## directory operations
#-a entry,always -S mkdir -S mkdirat -S rmdir
-a entry,always -F arch=b64 -S mkdir -S rmdir
## cron configuration & scheduled jobs
-w /etc/cron.allow -p wa -k CFG_cron.allow
-w /etc/cron.deny -p wa -k CFG_cron.deny
#-w /etc/cron.d/ -p wa -k CFG_cron.d -w /etc/cron.daily/ -p wa -k CFG_cron.daily
-w /etc/cron.hourly/ -p wa -k CFG_cron.hourly
-w /etc/cron.monthly/ -p wa -k CFG_cron.monthly
-w /etc/cron.weekly/ -p wa -k CFG_cron.weekly
-w /etc/crontab -p wa -k CFG_crontab
-w /var/spool/cron/root -k CFG_crontab_root
## user, group, password databases
-w /etc/group -p wa -k CFG_group
-w /etc/passwd -p wa -k CFG_passwd
-w /etc/gshadow -k CFG_gshadow
-w /etc/shadow -k CFG_shadow
-w /etc/security/opasswd -k CFG_opasswd
# ----- File System audit rules -----
# Add a watch on "passwd" with the arbitrary filterkey "fk_passwd" that
# generates records for "reads, writes, executes, and attribute changes" on "passwd"
-w /etc/passwd -k fk_passwd -p rwxa
# Add a watch "shadow" with a NULL filterkey that has permissions
# filtering turned off
-w /etc/shadow
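
A review aid for the watch rules above, as an added example that is not part of the original post: it parses the `-w` lines and reports watches with no `-p` (permission filtering off, as the comment on the last `/etc/shadow` watch notes), watches with no `-k` key, and paths watched by more than one rule. The function names, finding codes and the embedded sample are assumptions made for this example.

```python
import shlex
from collections import defaultdict

# Constructed sample: an excerpt of the rules listed above, embedded inline.
SAMPLE_RULES = """\
-D
-b 320
-w /etc/login.defs -p wa -k CFG_login.defs
-w /var/spool/cron/root -k CFG_crontab_root
#-w /etc/cron.d/ -p wa -k CFG_cron.d
-w /etc/passwd -p wa -k CFG_passwd
-w /etc/shadow -k CFG_shadow
-w /etc/passwd -k fk_passwd -p rwxa
-w /etc/shadow
-a entry,always -F arch=b64 -S mkdir -S rmdir
"""

def parse_watches(text):
    """Return one dict per -w rule; perms/key are None when -p/-k is absent."""
    watches = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # '#' lines yield no tokens
        if "-w" not in tokens:
            continue  # -D, -b, -e and syscall (-a) rules are not watches
        opts = {"-w": None, "-p": None, "-k": None}
        for flag, value in zip(tokens, tokens[1:]):
            if flag in opts:
                opts[flag] = value
        watches.append({"line": lineno, "path": opts["-w"],
                        "perms": opts["-p"], "key": opts["-k"]})
    return watches

def lint(watches):
    """Return (line, path, code) findings; the codes are names chosen here."""
    findings, lines_by_path = [], defaultdict(list)
    for w in watches:
        lines_by_path[w["path"]].append(w["line"])
        if w["perms"] is None:   # unfiltered: reads are recorded as well
            findings.append((w["line"], w["path"], "NO_PERM_FILTER"))
        if w["key"] is None:     # nothing to pass to `ausearch -k`
            findings.append((w["line"], w["path"], "NO_KEY"))
    for path, lines in lines_by_path.items():
        if len(lines) > 1:       # same path watched by several rules
            findings.append((lines[-1], path, "DUPLICATE_WATCH"))
    return findings

if __name__ == "__main__":
    for line, path, code in lint(parse_watches(SAMPLE_RULES)):
        print(f"rule line {line}: {path}: {code}")
```

Unfiltered watches on files that are read constantly generate a large volume of records, so the `NO_PERM_FILTER` findings are the ones to check against the `-b` buffer size.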
From "ITPUB Blog", link: http://blog.itpub.net/22661144/viewspace-1413417/. If you reprint this, please credit the source; otherwise legal liability will be pursued.