X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=roles%2Faudit%2Ftemplates%2F43-module-load.rules.j2;fp=roles%2Faudit%2Ftemplates%2F43-module-load.rules.j2;h=8c266f5a51c2d629dbfb76b184ec9842cdad292f;hb=74a49ba6ef2ea715fa492db0bcd85c30398688e8;hp=0000000000000000000000000000000000000000;hpb=a936af362724cca0c5dc2c424902d398f9833410;p=ta%2Finfra-ansible.git
diff --git a/roles/audit/templates/43-module-load.rules.j2 b/roles/audit/templates/43-module-load.rules.j2
new file mode 100644
index 0000000..8c266f5
--- /dev/null
+++ b/roles/audit/templates/43-module-load.rules.j2
@@ -0,0 +1,6 @@
+## These rules watch for kernel module insertion
+-w /usr/sbin/insmod -p x -k modules
+-w /usr/sbin/rmmod -p x -k modules
+-w /usr/sbin/modprobe -p x -k modules
+-a always,exit -F arch=b64 -S init_module -S delete_module -S create_module -S finit_module -S kexec_file_load -S kexec_load -k modules
+-a always,exit -F arch=b32 -S init_module -S delete_module -S create_module -S finit_module -k modules
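Review bot: The `arch=b32` rule on the last added line omits `kexec_load`, which the `arch=b64` rule records, so a kexec request made through the 32-bit syscall ABI would leave no event under the `modules` key. If kexec is meant to be audited for both ABIs, the line should read `-a always,exit -F arch=b32 -S init_module -S delete_module -S create_module -S finit_module -S kexec_load -k modules`. The three `-p x` watches name `insmod`, `rmmod` and `modprobe` by path; on hosts where these are symlinks to a single `kmod` binary it is worth confirming the watches fire as expected, although the syscall rules cover the load and unload either way. The header comment also understates the scope and could read `## These rules watch for kernel module load/unload and kexec`.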