| Dir : /usr/share/audit/sample-rules/ |
| Server: Linux server1.ngambekcore.com 4.18.0-553.51.1.el8_10.x86_64 #1 SMP Wed Apr 30 04:00:07 EDT 2025 x86_64 IP: 159.198.77.92 |
| Dir : //usr/share/audit/sample-rules/42-injection.rules |
## These rules watch for code injection by the ptrace facility. ## This could indicate someone trying to do something bad or ## just debugging #-a always,exit -F arch=b32 -S ptrace -F key=tracing -a always,exit -F arch=b64 -S ptrace -F key=tracing -a always,exit -F arch=b32 -S ptrace -F a0=0x4 -F key=code-injection -a always,exit -F arch=b64 -S ptrace -F a0=0x4 -F key=code-injection -a always,exit -F arch=b32 -S ptrace -F a0=0x5 -F key=data-injection -a always,exit -F arch=b64 -S ptrace -F a0=0x5 -F key=data-injection -a always,exit -F arch=b32 -S ptrace -F a0=0x6 -F key=register-injection -a always,exit -F arch=b64 -S ptrace -F a0=0x6 -F key=register-injection