Merge pull request #140 from Pierre-Gronau-ndaal/patch-69
Update audit.rules High Volume Event Filter (especially on Linux Work…
Neo23x0 authored Oct 16, 2024
2 parents a2c506e + 0a7589c commit 41693c1
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions audit.rules
Expand Up @@ -91,8 +91,11 @@
-a exit,never -F arch=b64 -S all -F exe=/usr/bin/vmtoolsd

## High Volume Event Filter (especially on Linux Workstations)
-a never,exit -F arch=b64 -F dir=/dev/shm -k sharedmemaccess
-a never,exit -F arch=b64 -F dir=/var/lock/lvm -k locklvm
-a never,exit -F arch=b32 -F dir=/dev/shm/ -F key=sharedmemaccess
-a never,exit -F arch=b64 -F dir=/dev/shm/ -F key=sharedmemaccess

-a never,exit -F arch=b32 -F dir=/var/lock/lvm/ -F key=locklvm
-a never,exit -F arch=b64 -F dir=/var/lock/lvm/ -F key=locklvm

## Filebeat
### https://www.elastic.co/guide/en/beats/filebeat/current/directory-layout.html
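Review bot: The four added `-a never,exit` rules append a trailing slash to the `dir=` value (`/dev/shm/`, `/var/lock/lvm/`) where the two replaced rules used `/dev/shm` and `/var/lock/lvm`, and the commit message gives no reason for it. Either keep the paths as they were, or confirm with `auditctl -l` on a test host that the rules load and still cover the same directory trees, and say so in the commit message. The added rules also give `-F arch=` without `-S`, while the context line above the section spells it out as `-S all`. auditctl defaults to all syscalls when none is named, so behaviour is the same, but writing `-S all` here would match the neighbouring exclusion and make the scope explicit. Switching from `-k sharedmemaccess` to `-F key=sharedmemaccess` is only a spelling change, since both set the rule key, so it would be worth using whichever form the rest of the file uses. A one-line comment under the section heading saying that the b32 variants are there to cover 32-bit syscalls on 64-bit hosts would document why each path now has two rules.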
