{"id":23470973,"url":"https://github.com/benjitrapp/auditd-rules","last_synced_at":"2026-03-20T01:30:02.051Z","repository":{"id":202830660,"uuid":"708228243","full_name":"BenjiTrapp/auditd-rules","owner":"BenjiTrapp","description":null,"archived":false,"fork":false,"pushed_at":"2023-10-21T23:41:30.000Z","size":17,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-08T21:03:17.399Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BenjiTrapp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":"auditd.rules","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-10-21T22:59:57.000Z","updated_at":"2023-10-21T23:26:39.000Z","dependencies_parsed_at":null,"dependency_job_id":"67c25aaf-dd79-4b42-b431-63c2e7c81e78","html_url":"https://github.com/BenjiTrapp/auditd-rules","commit_stats":null,"previous_names":["benjitrapp/auditd-rules"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/BenjiTrapp/auditd-rules","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BenjiTrapp%2Fauditd-rules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BenjiTrapp%2Fauditd-rules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BenjiTrapp%2Fauditd-rules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BenjiTrapp%2Fauditd-rules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BenjiTrapp",
"download_url":"https://codeload.github.com/BenjiTrapp/auditd-rules/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BenjiTrapp%2Fauditd-rules/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29355861,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-12T01:03:07.613Z","status":"online","status_checked_at":"2026-02-12T02:00:06.911Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-24T16:18:14.420Z","updated_at":"2026-02-12T03:03:38.037Z","avatar_url":"https://github.com/BenjiTrapp.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Auditd Syntax Checks](https://github.com/BenjiTrapp/auditd-rules/actions/workflows/auditd-syntax-check.yml/badge.svg)](https://github.com/BenjiTrapp/auditd-rules/actions/workflows/auditd-syntax-check.yml)\n\n```\n  █████╗ ██╗   ██╗██████╗ ██╗████████╗██████╗ \n ██╔══██╗██║   ██║██╔══██╗██║╚══██╔══╝██╔══██╗\n ███████║██║   ██║██║  ██║██║   ██║   ██║  ██║\n ██╔══██║██║   ██║██║  ██║██║   ██║   ██║  ██║\n ██║  ██║╚██████╔╝██████╔╝██║   ██║   ██████╔╝\n ╚═╝  ╚═╝ ╚═════╝ ╚═════╝ ╚═╝   ╚═╝   ╚═════╝ \n                    Harden your Unix   \n```\n\nThis repository provides a valuable resource for enhancing system security by implementing comprehensive auditd rules and verifying their effectiveness through automated testing. 
The applied rules are based on my learnings to get deeper into the topic for hardening my Linux machines.\n\n## Auditd Rules\n\nThe `auditd.rules` file contains a collection of auditd rules that monitor various system events, including:\n\n* User logins and logouts\n* File access and modifications\n* Process executions\n* Privilege escalation attempts\n* Suspicious activity\n\n## GitHub Action\n\nThe `auditd-syntax-check.yml` GitHub Action file defines a workflow that tests all the auditd rules defined in the `auditd.rules` file. The action utilizes a Docker container to simulate a Linux environment and executes auditd commands to verify that the rules are functioning correctly.\n\n## Usage\n\nTo utilize this repository, follow these steps:\n\n1. Clone the repository to your local machine.\n2. Copy the `auditd.rules` file to your Linux system's `/etc/audit/rules.d` directory.\n3. Restart the auditd service to apply the new rules.\n4. Commit and push your changes to the repository as a Pull Request if you would like to contribute.\n\nThe GitHub Action will automatically run upon each push to the repository, testing the auditd rules and reporting any potential issues.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbenjitrapp%2Fauditd-rules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbenjitrapp%2Fauditd-rules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbenjitrapp%2Fauditd-rules/lists"}