msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.04.002.2025.08.11
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 51s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-08-12 07:54:20 +02:00
parent 45390ab73a
commit dc7d8946a1
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
config/hooks/live/9996_auditd.chroot
View File

@@ -48,20 +48,20 @@ cat << EOF >| /etc/audit/rules.d/11-loginuid.rules
EOF
############################################################### /etc/audit/rules.d/20-dont-audit.rules
#cat << EOF >| /etc/audit/rules.d/20-dont-audit.rules
cat << EOF >| /etc/audit/rules.d/20-dont-audit.rules
## This is for don't audit rules. We put these early because audit
### is a first match wins system. Uncomment the rules you want.
## is a first match wins system. Uncomment the rules you want.
## Cron jobs fill the logs with stuff we normally don't want
#-a never,user -F subj_type=crond_t
-a never,user -F subj_type=crond_t
## This prevents chrony from overwhelming the logs
#-a never,exit -F arch=x86_64 -S adjtimex -F auid=unset -F uid=_chrony -F subj_type=chronyd_t
-a never,exit -F arch=x86_64 -S adjtimex -F auid=unset -F uid=chrony -F subj_type=chronyd_t
### This is not very interesting and wastes a lot of space if
### the server is public facing
#-a always,exclude -F msgtype=CRYPTO_KEY_USER
#EOF
-a always,exclude -F msgtype=CRYPTO_KEY_USER
EOF
############################################################### /etc/audit/rules.d/21-no32bit.rules
cat << EOF >| /etc/audit/rules.d/21-no32bit.rules
@@ -75,8 +75,8 @@ EOF
############################################################### /etc/audit/rules.d/22-ignore-chrony.rules
cat << EOF >| /etc/audit/rules.d/22-ignore-chrony.rules
## This rule suppresses the time-change event when chrony does time updates
-a never,exit -F arch=b64 -S adjtimex -F auid=unset -F uid=chrony -F subj_type=chronyd_t
-a never,exit -F arch=b32 -S adjtimex -F auid=unset -F uid=chrony -F subj_type=chronyd_t
-a never,exit -F arch=b64 -S adjtimex -F auid=unset -F uid=_chrony -F subj_type=chronyd_t
-a never,exit -F arch=b32 -S adjtimex -F auid=unset -F uid=_chrony -F subj_type=chronyd_t
EOF
############################################################### /etc/audit/rules.d/30-ospp-v42-1-create-failed.rules