Skip to content

GitLab

Switch branch/tag
Find file Normal viewHistoryPermalink
audit.conf 977 Bytes
Newer Older
liming6's avatar
feature 添加文件上传监控相关代码  
liming6 committed
1 
# 监控scp创建文件动作
liming6's avatar
feature 添加文件监控部分功能  
liming6 committed
2
3
4
5 
-a always,exit -F arch=b64 -S openat -F exe=/usr/bin/scp -F a2&0x40 -F key=scp_create_file
-a always,exit -F arch=b64 -S open -F exe=/usr/bin/scp -F a1&0x40 -F key=scp_create_file
# 监控scp关闭文件动作
-a always,exit -F arch=b64 -S close -F exe=/usr/bin/scp -F key=scp_close_file
liming6's avatar
feature 添加文件上传监控相关代码  
liming6 committed
6
7 

# 监控sftp创建文件动作
liming6's avatar
feature 添加文件监控部分功能  
liming6 committed
8
9
10
11 
-a always,exit -F arch=b64 -S openat -F exe=/usr/libexec/openssh/sftp-server -F a2&0x40 -F key=sftp_create_file
-a always,exit -F arch=b64 -S open -F exe=/usr/libexec/openssh/sftp-server -F a1&0x40 -F key=sftp_create_file

# 监控sftp关闭文件动作
liming6's avatar
feature 添加文件上传监控相关代码  
liming6 committed
12
13
14
15
16 
-a always,exit -F arch=b64 -S close -F exe=/usr/libexec/openssh/sftp-server -F key=sftp_close_file

# 监控sftp修改文件名动作
-a always,exit -F arch=b64 -S rename,renameat,renameat2 -F exe=/usr/libexec/openssh/sftp-server -F key=sftp_rename_file
-a always,exit -F arch=b64 -S link,unlink,unlinkat,linkat -F exe=/usr/libexec/openssh/sftp-server -F key=sftp_link_file