
Commit

Update audit.rules ncftp
Pierre-Gronau-ndaal authored Jul 30, 2023
1 parent 639bad5 commit 224915d
Showing 1 changed file with 27 additions and 0 deletions.
27 changes: 27 additions & 0 deletions audit.rules
Expand Up @@ -334,6 +334,33 @@
-w /usr/local/bin/xfreerdp -p x -k susp_activity
-w /usr/bin/nmap -p x -k susp_activity

### ncftp
### https://www.ncftp.com
### T1133_External_Remote_Services
-w /usr/bin/ncftp3 -p x -k susp_activity
-w /usr/sbin/ncftp3 -p x -k susp_activity

-w /usr/bin/ncftpbatch -p x -k susp_activity
-w /usr/sbin/ncftpbatch -p x -k susp_activity

-w /usr/bin/ncftpbookmarks -p x -k susp_activity
-w /usr/sbin/ncftpbookmarks -p x -k susp_activity

-w /usr/bin/ncftpbatch -p x -k susp_activity
-w /usr/sbin/ncftpbatch -p x -k susp_activity

-w /usr/bin/ncftpget -p x -k susp_activity
-w /usr/sbin/ncftpget -p x -k susp_activity

-w /usr/bin/ncftpls -p x -k susp_activity
-w /usr/sbin/ncftpls -p x -k susp_activity

-w /usr/bin/ncftpput -p x -k susp_activity
-w /usr/sbin/ncftpput -p x -k susp_activity

-w /usr/bin/ncftpspooler -p x -k susp_activity
-w /usr/sbin/ncftpspooler -p x -k susp_activity

## sssd
-a always,exit -F path=/usr/libexec/sssd/p11_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts
-a always,exit -F path=/usr/libexec/sssd/krb5_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts
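
Review bot: the `ncftpbatch` pair is added twice in this hunk, once after the `ncftp3` rules and again after the `ncftpbookmarks` rules (`-w /usr/bin/ncftpbatch -p x -k susp_activity` and its `/usr/sbin` twin). The second pair adds no coverage and can produce a "Rule exists" error when the file is loaded, so drop it. Two smaller points: the section header uses `### ncftp` while the neighbouring section is `## sssd`, so match the file's heading level; and only `ncftp3` is watched for the interactive client, so confirm whether an `ncftp` path should be covered as well on the target distributions. Since every new rule shares the generic `susp_activity` key, the `T1133_External_Remote_Services` tag in the comment is not searchable in the audit log; using it as the `-k` value, as the sssd rules do with `T1078_Valid_Accounts`, would make these events easier to triage.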
