/usr/share/audit/sample-rules
## These are rules are to locate poorly written programs. ## Its never planned to waste time on a syscall with incorrect parameters ## This is more of a debugging step than something people should run with ## in production. -a never,exit -F arch=b64 -S rt_sigreturn -a always,exit -S all -F exit=-EINVAL -F key=einval-retcode
.
Edit
..
Edit
10-base-config.rules
Edit
10-no-audit.rules
Edit
11-loginuid.rules
Edit
12-cont-fail.rules
Edit
12-ignore-error.rules
Edit
20-dont-audit.rules
Edit
21-no32bit.rules
Edit
22-ignore-chrony.rules
Edit
23-ignore-filesystems.rules
Edit
30-nispom.rules
Edit
30-ospp-v42-1-create-failed.rules
Edit
30-ospp-v42-1-create-success.rules
Edit
30-ospp-v42-2-modify-failed.rules
Edit
30-ospp-v42-2-modify-success.rules
Edit
30-ospp-v42-3-access-failed.rules
Edit
30-ospp-v42-3-access-success.rules
Edit
30-ospp-v42-4-delete-failed.rules
Edit
30-ospp-v42-4-delete-success.rules
Edit
30-ospp-v42-5-perm-change-failed.rules
Edit
30-ospp-v42-5-perm-change-success.rules
Edit
30-ospp-v42-6-owner-change-failed.rules
Edit
30-ospp-v42-6-owner-change-success.rules
Edit
30-ospp-v42.rules
Edit
30-pci-dss-v31.rules
Edit
30-stig.rules
Edit
31-privileged.rules
Edit
32-power-abuse.rules
Edit
40-local.rules
Edit
41-containers.rules
Edit
42-injection.rules
Edit
43-module-load.rules
Edit
44-installers.rules
Edit
70-einval.rules
Edit
71-networking.rules
Edit
99-finalize.rules
Edit
README-rules
Edit