Update rule in ubtu18cis_4_1_15_actions.rules.j2 #67
Overall Review of Changes:
Original PR thanks to @hankszeto
Space needed between '-F' and auid. This matches what UBUNTU18-CIS-Audit is expecting too.
-a always,exit -F arch=b32 -C euid!=uid -F euid=0 -Fauid>=1000 -F auid!=4294967295 -S execve -k actions
vs
-a always,exit -F arch=b64 -C euid!=uid -F euid=0 -F auid>=1000 -F auid!=4294967295 -S execve -k actions
Issue Fixes:
N/A
Enhancements:
4.1.15 | L2 | Ensure system administrator command executions (sudo) are collected | Config
will not be listed as unsuccessful in the Post Audit report.
How has this been tested?:
Post audit report:
Signed-off-by: George Nalen georgen@mindpointgroup.com
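
A lint for the spacing defect described in this PR, added here as an example and not part of the PR or the project's code: it flags audit rule options written without a space before their value (such as `-Fauid>=1000`) and rewrites them to the spaced form the PR says UBUNTU18-CIS-Audit expects. The function names and the `ARG_FLAGS` list are assumptions of this example; the sample input is the two rule lines quoted above.

```python
# Constructed sample: the two rule lines quoted in the PR description.
SAMPLE_RULES = """\
-a always,exit -F arch=b32 -C euid!=uid -F euid=0 -Fauid>=1000 -F auid!=4294967295 -S execve -k actions
-a always,exit -F arch=b64 -C euid!=uid -F euid=0 -F auid>=1000 -F auid!=4294967295 -S execve -k actions
"""

# auditctl short options that take a value (assumed list for this example).
ARG_FLAGS = ("-a", "-A", "-d", "-F", "-C", "-S", "-k", "-w", "-W", "-p")


def is_fused(token):
    """True when an option and its value share one token, e.g. '-Fauid>=1000'."""
    return len(token) > 2 and token[:2] in ARG_FLAGS


def find_fused_flags(rules_text):
    """Return (line_number, token) for each option missing the space before its value."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments in a .rules file
        findings.extend((lineno, tok) for tok in line.split() if is_fused(tok))
    return findings


def normalize(line):
    """Rewrite fused tokens as 'flag value' so a text comparison sees the spaced form."""
    out = []
    for tok in line.split():
        if is_fused(tok):
            out.extend([tok[:2], tok[2:]])
        else:
            out.append(tok)
    return " ".join(out)


if __name__ == "__main__":
    for lineno, tok in find_fused_flags(SAMPLE_RULES):
        print(f"line {lineno}: missing space in {tok!r}")
```

Running it over a rendered rules file before the post-audit step reports the line number and token of each fused option.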