PATH:
usr
/
share
/
doc
/
audit-2.8.5
/
rules
## The purpose of this rule is to detect when an admin may be abusing power ## by looking in user's home dir. -a always,exit -F dir=/home -F uid=0 -F auid>=1000 -F auid!=unset -C auid!=obj_uid -F key=power-abuse
[-] README-rules
[edit]
[-] 30-stig.rules
[edit]
[-] 12-cont-fail.rules
[edit]
[-] 42-injection.rules
[edit]
[+]
..
[-] 10-no-audit.rules
[edit]
[-] 23-ignore-filesystems.rules
[edit]
[-] 22-ignore-chrony.rules
[edit]
[-] 70-einval.rules
[edit]
[-] 30-nispom.rules
[edit]
[-] 41-containers.rules
[edit]
[-] 40-local.rules
[edit]
[-] 43-module-load.rules
[edit]
[-] 32-power-abuse.rules
[edit]
[-] 21-no32bit.rules
[edit]
[-] 11-loginuid.rules
[edit]
[-] 20-dont-audit.rules
[edit]
[-] 12-ignore-error.rules
[edit]
[-] 71-networking.rules
[edit]
[-] 99-finalize.rules
[edit]
[-] 30-pci-dss-v31.rules
[edit]
[-] 10-base-config.rules
[edit]
[-] 31-privileged.rules
[edit]
[-] 30-ospp-v42.rules
[edit]