Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /proc/self/root/proc/thread-self/root/usr/share/audit/sample-rules/ |
## These rules watch for code injection by the ptrace facility. ## This could indicate someone trying to do something bad or ## just debugging #-a always,exit -F arch=b32 -S ptrace -F key=tracing -a always,exit -F arch=b64 -S ptrace -F key=tracing -a always,exit -F arch=b32 -S ptrace -F a0=0x4 -F key=code-injection -a always,exit -F arch=b64 -S ptrace -F a0=0x4 -F key=code-injection -a always,exit -F arch=b32 -S ptrace -F a0=0x5 -F key=data-injection -a always,exit -F arch=b64 -S ptrace -F a0=0x5 -F key=data-injection -a always,exit -F arch=b32 -S ptrace -F a0=0x6 -F key=register-injection -a always,exit -F arch=b64 -S ptrace -F a0=0x6 -F key=register-injection