Code Review / ta / infra-ansible.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Initial commit
[ta/infra-ansible.git] / roles / audit / templates / 31-privileged-gen.rules.j2
1 ## Generated privilaged rules
2 -a always,exit -F path=/usr/bin/chage -F perm=x -k privileged
3 -a always,exit -F path=/usr/bin/gpasswd -F perm=x -k privileged
4 -a always,exit -F path=/usr/bin/newgrp -F perm=x -k privileged
5 -a always,exit -F path=/usr/bin/mount -F perm=x -k privileged
6 -a always,exit -F path=/usr/bin/su -F perm=x -k privileged
7 -a always,exit -F path=/usr/bin/sudo -F perm=x -k privileged
8 -a always,exit -F path=/usr/bin/umount -F perm=x -k privileged
9 -a always,exit -F path=/usr/bin/at -F perm=x -k privileged
10 -a always,exit -F path=/usr/bin/chfn -F perm=x -k privileged
11 -a always,exit -F path=/usr/bin/chsh -F perm=x -k privileged
12 -a always,exit -F path=/usr/bin/passwd -F perm=x -k privileged
13 -a always,exit -F path=/usr/bin/pkexec -F perm=x -k privileged
14 -a always,exit -F path=/usr/bin/crontab -F perm=x -k privileged
15 -a always,exit -F path=/usr/bin/fusermount -F perm=x -k privileged
16 -a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -k privileged
17 -a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -k privileged
18 -a always,exit -F path=/usr/sbin/mount.nfs -F perm=x -k privileged
19 -a always,exit -F path=/usr/sbin/usernetctl -F perm=x -k privileged
20 -a always,exit -F path=/usr/bin/userhelper -F perm=x -k privileged
21 -a always,exit -F path=/usr/sbin/semanage -F perm=x -k privileged-priv_change 
22 -a always,exit -F path=/usr/sbin/setsebool -F perm=x -k privileged-priv_change
23 -a always,exit -F path=/usr/bin/chcon -F perm=x -k privileged-priv_change
24 -a always,exit -F path=/usr/sbin/restorecon -F perm=x -k privileged-priv_change
25 -a always,exit -F path=/usr/bin/sudoedit -F perm=x -k privileged
26 -a always,exit -F path=/usr/sbin/postdrop -F perm=x -k privileged
27 -a always,exit -F path=/usr/sbin/postqueue -F perm=x -k privileged
28 -a always,exit -F path=/usr/libexec/qemu-bridge-helper -F perm=x -k privileged
29 -a always,exit -F path=/usr/libexec/dbus-1/dbus-daemon-launch-helper -F perm=x -k privileged
30 -a always,exit -F path=/usr/lib/polkit-1/polkit-agent-helper-1 -F perm=x -k privileged
31 -a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -k privileged
This repository contains all the generic deployment playbooks, which configure services running directly on the host. Includes playbooks for disk partitioning, Ceph configuration, hardening, security, SSH, operating system level user management etc.