add stime audit rule

This commit is contained in:
Louis Abel 2024-04-08 11:57:14 -07:00
parent cfdb44c204
commit 347dc10d88
Signed by: label
GPG key ID: 2A6975660E424560

View file

@ -3,6 +3,7 @@
-a always,exit -F arch=b64 -S adjtimex,settimeofday,clock_settime -k time-change
-a always,exit -F arch=b32 -S adjtimex,settimeofday,clock_settime -k time-change
-a always,exit -F arch=b32 -S stime -F key=audit_time_rule
-w /etc/localtime -p wa -k time-change
## Records when events occur that modify user and group passwords and ID's