spirit posteets tagged unix  [ Profile ]


  1. 6 years ago
    # Adding/Modifying Rules

    #    Watch for files

    auditctl -w /etc/yum.conf -p wa  -k yum_watch
    auditctl -w /usr/bin/nmap -p x   -k nmap_watch
    auditctl -w /etc/shadow   -p rwa -k shadow_watch

    #    Remove a rule using auditctl

    auditctl -W /etc/shadow -p rwa -k shadow_watch

    #    Watching for ptrace system call
    #    (the "entry" list is deprecated in current auditd, so the exit list is used here)

    auditctl -a always,exit -F arch=b64 -S ptrace -k info_scan

    #    Suppress 32bit clock_gettime & fstat64 system calls
    #    (lines as written in an audit.rules file, without the auditctl prefix)

    -a never,exit -F arch=b32 -S clock_gettime -k clock_gettime
    -a never,exit -F arch=b32 -S fstat64 -k fstat64

    #    Audit files opened by a specific user

    auditctl -a exit,always -S open -F auid=2010
    auditctl -a exit,always -F arch=b64 -F auid=2010  -F uid=2010 -F path=/etc/hosts -S open

    #    Audit unsuccessful attempts for multiple system calls where user id is greater than or equal to 500
    #    (the auid comparison is quoted so the shell does not treat ">" as a redirection)

    auditctl -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F 'auid>=500'
    auditctl -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F 'auid>=500'

    # Reporting/Searching

    #    List all rules

    auditctl -l

    #    List status

    auditctl -s

    #    Report on watched files. Date format is local to the server's date format.

    aureport -f
    aureport -f --start 02/18/10 17:42:00
    aureport -f --start 02/18/10 17:00:00 --end 02/18/10 17:10:00
    aureport -f -ts this-week
    aureport -f -ts today

    #    Search by system call

    ausearch -sc ptrace -i

    #    Search for user id or effective user id

    ausearch -ui 2010
    ausearch -ue 2010

    #    List all auth attempts and their result

    aureport -au

    #    List just logins

    aureport -l

    #    List account modification attempts.

    aureport -m

    #    Search events where success value is no, user id is 500 (-ua matches uid, effective uid or login uid) and key is nmap_watch

    ausearch -sv no -ua 500 -k nmap_watch

    #    Search by executable

    ausearch -x /usr/bin/nmap

    #    Search by terminal

    ausearch -tm pts/0

    #    Search by daemon. Daemons such as cron log the daemon name as the terminal

    ausearch -tm cron
  2. 6 years ago
    # Print the current time as seconds since the Unix epoch
    date +%s
  3. 11 years ago and saved by 1 other
    # To change permissions recursively on directories without touching the other files:
    # (find is used instead of parsing "ls -l -R" output, which loses the path of nested
    #  directories and breaks on names containing spaces)

    find . -mindepth 1 -type d -exec chmod u-w {} +

    # removes write permission from all directories without touching the other files
    # useful, for example, to apply execute permission only to directories so they can be traversed without making the other files executable