Ecosyste.ms: Awesome
https://github.com/aegrah/auditd_manager_config
This repository contains my tuned auditd_manager configuration (mostly originating from Neo23x0's Auditd configuration.)
- Host: GitHub
- URL: https://github.com/aegrah/auditd_manager_config
- Owner: Aegrah
- Created: 2023-09-19T08:49:26.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-09-19T08:58:05.000Z (over 1 year ago)
- Last Synced: 2024-10-29T21:25:03.220Z (2 months ago)
- Homepage:
- Size: 6.84 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Audit: auditd_manager_config.txt
README
# Elastic auditd_manager Integration Configuration File Base
This repository contains my tuned (for detection engineering, NOT production) auditd_manager configuration (mostly originating from [Neo23x0's Auditd configuration](https://github.com/Neo23x0/auditd/blob/master/audit.rules)).

## Disclaimer
This configuration is mostly a test / detection engineering configuration focused on capturing as much data as possible, and therefore captures A LOT of events. Take this configuration as a base, and remove everything that you do not need. For example, this configuration includes:
```
-w /proc/ -p r -k audit_proc
-w /home/ -p r -k audit_home
-w /usr/bin/ -p r -k audit_usr_bin
-w /bin/ -p r -k audit_bin
-w /etc/ -p rwxa -k audit_recursive_etc
```
These watches recursively capture every matching access under those directory trees (and `-p r` fires on every read), so they will generate a very large number of documents and take up a lot of space in your cluster. You have been warned.
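To find the volume drivers in a rule base like this before loading it, the following added Python example (not code from the repository) parses `-w` watch rules, flags directory-wide watches that include read access, and writes out a trimmed copy with those lines dropped. The sample rules are constructed for this example: the five watches quoted above plus a few narrower rules for contrast. Two assumptions are marked in the code: a trailing slash is taken to mean a directory watch (auditd itself recurses into any directory path, slash or not; on a live host use `os.path.isdir`), and a watch with no `-p` is treated as auditing all four access types.

```python
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample rules: the five directory watches quoted in the README
# plus narrower rules (assumed, not from the repository) for contrast.
SAMPLE_RULES = """\
# detection-engineering base: whole-tree watches that include read access
-w /proc/ -p r -k audit_proc
-w /home/ -p r -k audit_home
-w /usr/bin/ -p r -k audit_usr_bin
-w /bin/ -p r -k audit_bin
-w /etc/ -p rwxa -k audit_recursive_etc
# narrower rules that are usually acceptable in production
-w /etc/passwd -p wa -k identity
-w /etc/sudoers -p wa -k sudoers
-a always,exit -F arch=b64 -S execve -k exec
"""


@dataclass
class WatchRule:
    path: str
    perms: str
    key: Optional[str]
    raw: str


def parse_watch_rule(line: str) -> Optional[WatchRule]:
    """Parse one `-w PATH [-p PERMS] [-k KEY]` line; return None for non-watch rules."""
    toks = shlex.split(line)
    if len(toks) < 2 or toks[0] != "-w":
        return None
    path, key = toks[1], None
    # Assumption: a watch without -p audits all access types (r, w, x, a).
    perms = "rwxa"
    i = 2
    while i + 1 < len(toks):
        if toks[i] == "-p":
            perms = toks[i + 1]
        elif toks[i] == "-k":
            key = toks[i + 1]
        i += 2
    return WatchRule(path, perms, key, line)


def is_noisy(rule: WatchRule) -> bool:
    """Heuristic: a watch on a whole directory tree that also fires on reads.

    The trailing-slash check is a convention of this sample; auditd recurses
    into any directory watch, so on a real host replace it with os.path.isdir.
    """
    return rule.path.endswith("/") and "r" in rule.perms


def audit_rules_report(text: str) -> Tuple[List[WatchRule], List[WatchRule]]:
    """Split the watch rules in `text` into (noisy, acceptable) lists."""
    noisy: List[WatchRule] = []
    kept: List[WatchRule] = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        rule = parse_watch_rule(stripped)
        if rule is None:
            continue  # -a / -D / -b / -f lines are not watches
        (noisy if is_noisy(rule) else kept).append(rule)
    return noisy, kept


def trim_for_production(text: str) -> str:
    """Return the rules text with noisy directory watches removed, everything else kept verbatim."""
    out = []
    for line in text.splitlines():
        stripped = line.strip()
        rule = None
        if stripped and not stripped.startswith("#"):
            rule = parse_watch_rule(stripped)
        if rule is not None and is_noisy(rule):
            continue
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    noisy, kept = audit_rules_report(SAMPLE_RULES)
    for r in noisy:
        print(f"NOISY  {r.raw}")
    for r in kept:
        print(f"ok     {r.raw}")
    print(trim_for_production(SAMPLE_RULES), end="")
```

Point the report at the repository's `auditd_manager_config.txt` instead of `SAMPLE_RULES` to get the list of rules to cut before shipping the base to production; `-a` syscall rules are deliberately left alone because their volume depends on the syscall, not on a path.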