Produced by Araxis Merge on 5/14/2018 1:18:37 PM Eastern Daylight Time.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | MCCF_EDI_TAS_Infrastructure.zip\MCCF_EDI_TAS_Infrastructure\mag_sys_build\playbooks | audit_privileged_rule.yml | Tue Mar 27 23:51:10 2018 UTC |
| 2 | MCCF_EDI_TAS_Infrastructure.zip\MCCF_EDI_TAS_Infrastructure\mag_sys_build\playbooks | audit_privileged_rule.yml | Tue May 8 03:18:27 2018 UTC |

| Description (between files 1 and 2) | Text Blocks | Lines |
|---|---|---|
| Unchanged | 2 | 116 |
| Changed | 1 | 2 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |

| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.

```yaml
# Ansible Playbook
# Erik van Oudheusden PII - 28 Sep 2017
#
# Ensure auditd Collects Information on the Use of Privileged Commands

---
- name: Ensure auditd Collects Information on the Use of Privileged Commands
  hosts: rhel7
  become: yes
  tasks:
  - name: Create privileged.rules
    blockinfile:
      path: /etc/audit/rules.d/privileged.rules
      create: yes
      backup: yes
      marker: "## {mark} Added for VA CRISP"
      owner: root
      group: root
      mode: 0600
      content: |
        #
        -a always,exit -F path=/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/libexec/utempter/utempter -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/staprun -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/chfn -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/wall -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/fusermount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/screen -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/pkexec -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/write -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/locate -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged
        -a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/cgclassify -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/cgexec -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/lib64/dbus-1/dbus-daemon-launch-helper -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/sbin/usernetctl -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/sbin/netreport -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        -a always,exit -F path=/usr/lib/polkit-1/polkit-agent-helper-1 -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
        #

```