HEX

Server: Apache/2.4.37 (CentOS Stream) OpenSSL/1.1.1k

System: Linux ysnet.com.tw 4.18.0-553.5.1.el8.x86_64 #1 SMP Tue May 21 05:46:01 UTC 2024 x86_64

User: test (521)

PHP: 7.4.33

Disabled: NONE

Upload Files

File: //usr/share/audit/sample-rules/32-power-abuse.rules

## The purpose of this rule is to detect when an admin may be abusing power
## by looking in user's home dir.
-a always,exit -F dir=/home -F uid=0 -F auid>=1000 -F auid!=unset -C auid!=obj_uid -F key=power-abuse