Script combine_ovals.py from SCAP Security Guide ssg: [0, 1, 80], python: 3.10.12 5.11.2 2025-12-02T22:12:01 Ensure the Audit Configuration is Loaded Regardless of Errors Ubuntu 22.04 Ensure the Audit Configuration is Loaded Regardless of Errors Enable Syscall Auditing Ubuntu 22.04 Syscall auditing should not be disabled. Make the auditd Configuration Immutable Ubuntu 22.04 Force a reboot to change audit rules is enabled Configure immutable Audit login UIDs Ubuntu 22.04 Check if system is configured to make login UIDs immutable Record Events that Modify the System's Mandatory Access Controls Ubuntu 22.04 Audit rules that detect changes to the system's mandatory access controls (Apparmor) are enabled. Record Events that Modify the System's Network Environment Ubuntu 22.04 The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. Record Attempts to Alter Process and Session Initiation Information Ubuntu 22.04 Audit rules should capture information about session initiation. Record Events When Executables Are Run As Another User Ubuntu 22.04 Ensure audit rule for all uses of privileged functions is enabled Record Events When Privileged Executables Are Run Ubuntu 22.04 Ensure audit rule for all uses of privileged functions is enabled Ensure auditd Collects System Administrator Actions Ubuntu 22.04 Audit actions taken by system administrators on the system. Shutdown System When Auditing Failures Occur Ubuntu 22.04 The system will shutdown when auditing fails. Record Events that Modify User/Group Information Ubuntu 22.04 Audit rules should detect modification to system files that hold information about users and groups. Record Access Events to Audit Log Directory Ubuntu 22.04 Audit rules about the read events to /var/log/audit System Audit Directories Must Be Group Owned By Root Ubuntu 22.04 Checks that all /var/log/audit directories are group owned by the root user. System Audit Directories Must Be Owned By Root Ubuntu 22.04 Checks that all /var/log/audit directories are owned by the root user. System Audit Logs Must Have Mode 0750 or Less Permissive Ubuntu 22.04 Checks for correct permissions for audit logs. System Audit Logs Must Be Group Owned By Root Ubuntu 22.04 Checks that all audit log files are group owned by the root user. System Audit Logs Must Be Group Owned By Root Ubuntu 22.04 Checks that all audit log files are group owned by the root user. System Audit Logs Must Be Owned By Root Ubuntu 22.04 Checks that all /var/log/audit files and directories are owned by the root user and group. System Audit Logs Must Be Owned By Root Ubuntu 22.04 Checks that all audit log files are owned by the root user. System Audit Logs Must Have Mode 0640 or Less Permissive Ubuntu 22.04 Checks for correct permissions for all audit log files. System Audit Logs Must Have Mode 0600 or Less Permissive Ubuntu 22.04 Checks for correct permissions for all audit log files. Record Events that Modify the System's Discretionary Access Controls - umount Ubuntu 22.04 The changing of file permissions and attributes should be audited. Ensure auditd Collects File Deletion Events by User Ubuntu 22.04 Audit files deletion events. Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Ensure auditd Collects Information on Kernel Module Loading and Unloading Ubuntu 22.04 The audit rules should be configured to log information about kernel module loading and unloading. Record Attempts to Alter Logon and Logout Events Ubuntu 22.04 Audit rules should be configured to log successful and unsuccessful login and logout events. Ensure auditd Collects Information on the Use of Privileged Commands Ubuntu 22.04 Audit rules about the information on the use of privileged commands are enabled. Ensure auditd Collects Information on the Use of Privileged Commands - fdisk Ubuntu 22.04 Ensure audit rule for all uses of the fdisk command is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - insmod Ubuntu 22.04 Ensure audit rule for all uses of the insmod command is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - kmod Ubuntu 22.04 Ensure audit rule for all uses of the kmod command is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - modprobe Ubuntu 22.04 Ensure audit rule for all uses of the modprobe command is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - rmmod Ubuntu 22.04 Ensure audit rule for all uses of the rmmod command is enabled. Record attempts to alter time through adjtimex Ubuntu 22.04 Record attempts to alter time through adjtimex. Record Attempts to Alter Time Through clock_settime Ubuntu 22.04 Record attempts to alter time through clock_settime. Record attempts to alter time through settimeofday Ubuntu 22.04 Record attempts to alter time through settimeofday. Record Attempts to Alter Time Through stime Ubuntu 22.04 Record attempts to alter time through stime. Note that on 64-bit architectures the stime system call is not defined in the audit system calls lookup table. Configure audispd Plugin To Send Logs To Remote Server Ubuntu 22.04 remote_server setting in /etc/audit/audisp-remote.conf is set to a certain IP address or hostname Configure audispd's Plugin disk_full_action When Disk Is Full Ubuntu 22.04 remote_server setting in /etc/audit/audisp-remote.conf is set to a certain IP address or hostname Encrypt Audit Records Sent With audispd Plugin Ubuntu 22.04 enable_krb5 setting in /etc/audit/audisp-remote.conf is set to 'yes' Configure audispd's Plugin network_failure_action On Network Failure Ubuntu 22.04 remote_server setting in /etc/audit/audisp-remote.conf is set to a certain IP address or hostname Configure auditd to use audispd's syslog plugin Ubuntu 22.04 active setting in /etc/audit/plugins.d/syslog.conf is set to 'yes' Configure auditd Disk Error Action on Disk Error Ubuntu 22.04 disk_error_action setting in /etc/audit/auditd.conf is set to a certain action Configure auditd Disk Error Action on Disk Error Ubuntu 22.04 disk_error_action setting in /etc/audit/auditd.conf is set to SYSLOG, SINGLE or HALT Configure auditd Disk Full Action when Disk Space Is Full Ubuntu 22.04 disk_full_action setting in /etc/audit/auditd.conf is set to a certain action Configure auditd Disk Full Action when Disk Space Is Full Ubuntu 22.04 disk_full_action setting in /etc/audit/auditd.conf is set to SYSLOG, SINGLE or HALT Configure auditd mail_acct Action on Low Disk Space Ubuntu 22.04 action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account Configure auditd admin_space_left Action on Low Disk Space Ubuntu 22.04 admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action Configure auditd admin_space_left on Low Disk Space Ubuntu 22.04 admin_space_left setting in /etc/audit/auditd.conf is set to at least a certain value Configure auditd flush priority Ubuntu 22.04 The setting for flush in /etc/audit/auditd.conf Configure auditd Max Log File Size Ubuntu 22.04 max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value Configure auditd max_log_file_action Upon Reaching Maximum Log Size Ubuntu 22.04 max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action Configure auditd max_log_file_action Upon Reaching Maximum Log Size Ubuntu 22.04 max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action Configure auditd Number of Logs Retained Ubuntu 22.04 num_logs setting in /etc/audit/auditd.conf is set to at least a certain value Configure auditd space_left on Low Disk Space Ubuntu 22.04 space_left setting in /etc/audit/auditd.conf is set to at least a certain value Configure auditd space_left Action on Low Disk Space Ubuntu 22.04 space_left_action setting in /etc/audit/auditd.conf is set to a certain action Configure auditd space_left on Low Disk Space Ubuntu 22.04 space_left setting in /etc/audit/auditd.conf is set to at least a certain value Set type of computer node name logging in audit logs Ubuntu 22.04 Ensure 'name_format' is configured with value 'hostname|fdq|numeric' in /etc/audit/auditd.conf Offload audit Logs to External Media Ubuntu 22.04 Check if a script for audit offload exists in /etc/cron.weekly/ Appropriate Action Must be Setup When the Internal Audit Event Queue is Full Ubuntu 22.04 Ensure 'overflow_action' is configured with value '(syslog|single|halt)' in /etc/audit/auditd.conf Configure audit according to OSPP requirements Ubuntu 22.04 Compare configure audit rules against the recommended pre-configured files. Disable unauthenticated repositories in APT configuration Ubuntu 22.04 Accessing a repository should be allowed only when the repository is authenticated. Ensure that official distribution repositories are used Ubuntu 22.04 Official distribution repositories contain up-to-date distribution security and functional patches. Disable DHCP Client in ifcfg Ubuntu 22.04 DHCP configuration should be static for all interfaces. Configure Fapolicy Module to Employ a Deny-all, Permit-by-exception Policy to Allow the Execution of Authorized Software Programs. Ubuntu 22.04 Configure Fapolicy Module to Employ a Deny-all, Permit-by-exception Policy Enable Logging of All FTP Transactions Ubuntu 22.04 To trace malicious activity facilitated by the FTP service, it must be configured to ensure that all commands sent to the FTP server are logged using the verbose vsftpd log format. Create Warning Banners for All FTP Users Ubuntu 22.04 This setting will cause the system greeting banner to be used for FTP connections as well. Set Permissions on the /etc/httpd/conf/ Directory Ubuntu 22.04 Directory permissions for /etc/httpd/conf/ should be set to 0750 (or stronger). Set Permissions on the /var/log/httpd/ Directory Ubuntu 22.04 Directory permissions for /var/log/httpd should be set to 0700 (or stronger). Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/ Ubuntu 22.04 The /etc/httpd/conf.d/* files should have the appropriate permissions (0640 or stronger). Set Permissions on All Configuration Files Inside /etc/httpd/conf/ Ubuntu 22.04 The /etc/httpd/conf/* files should have the appropriate permissions (0640 or stronger). Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/ Ubuntu 22.04 The /etc/httpd/conf.modules.d/* files should have the appropriate permissions (0640 or stronger). Disable Plaintext Authentication Ubuntu 22.04 Plaintext authentication of mail clients should be disabled. Enable the SSL flag in /etc/dovecot.conf Ubuntu 22.04 SSL capabilities should be enabled for the mail server. Disable Kerberos by removing host keytab Ubuntu 22.04 Check that there is no Kerberos keytab file present in /etc Enable the LDAP Client For Use in Authconfig Ubuntu 22.04 Enable LDAP in authconfig. Configure LDAP Client to Use TLS For All Transactions Ubuntu 22.04 Require the use of TLS for LDAP clients. Configure Certificate Directives for LDAP Use of TLS Ubuntu 22.04 Require the use of TLS for LDAP clients. Ensure Mail Transfer Agent is not Listening on any non-loopback Address Ubuntu 22.04 Verify MTA is not listening on any non-loopback address Configure System to Forward All Mail For The Root Account Ubuntu 22.04 Check if root has the correct mail alias. Configure System to Forward All Mail From Postmaster to The Root Account Ubuntu 22.04 Check if postmaster has the correct mail alias. Disable Postfix Network Listening Ubuntu 22.04 Postfix network listening should be disabled Configure SMTP Greeting Banner Ubuntu 22.04 Protect against unnecessary release of information. Prevent Unrestricted Mail Relaying Ubuntu 22.04 Ensure 'smtpd_client_restrictions' is configured with value 'permit_mynetworks[ \t]*[, \t][ \t]*reject' in /etc/postfix/main.cf Ensure Insecure File Locking is Not Allowed Ubuntu 22.04 Allowing insecure file locking could allow for sensitive data to be viewed or edited by an unauthorized user. Use Kerberos Security on All Exports Ubuntu 22.04 Using Kerberos Security allows to cryptography authenticate a valid user to an NFS share. Configure Time Service to use NTS Ubuntu 22.04 Configure the nts setting in /etc/ntp.conf or chrony.conf to use NTS on all time servers. Disable chrony daemon from acting as server Ubuntu 22.04 Configure the port setting in /etc/chrony/chrony.conf to disable server operation. Chrony Configure Pool and Server Ubuntu 22.04 A remote NTP Server for time synchronization should be specified (and dependencies are met) Disable network management of chrony daemon Ubuntu 22.04 Configure the cmdport setting in /etc/chrony/chrony.conf to disable chronyc management connections over network. Configure Time Service Maxpoll Interval Ubuntu 22.04 Configure the maxpoll setting in /etc/ntp.conf or chrony.conf to continuously poll the time source servers. Specify Additional Remote NTP Servers Ubuntu 22.04 Multiple remote chronyd or ntpd NTP Servers for time synchronization should be specified (and dependencies are met) Specify a Remote NTP Server Ubuntu 22.04 A remote chronyd or ntpd NTP Server for time synchronization should be specified (and dependencies are met) Ensure that chronyd is running under chrony user account Ubuntu 22.04 Ensure 'user' is configured with value '_chrony' in /etc/chrony/chrony.conf Ensure Chrony is only configured with the server directive Ubuntu 22.04 Ensure Chrony has time sources configured with server directive A remote time server for Chrony is configured Ubuntu 22.04 A remote NTP Server for time synchronization should be specified (and dependencies are met) Verify Group Who Owns /etc/chrony.keys File Ubuntu 22.04 /etc/chrony.keys should be owned by chrony group Ensure a Single Time Synchronization Service is in Use Ubuntu 22.04 Ensure a Single Time Synchronization Service is in Use Configure server restrictions for ntpd Ubuntu 22.04 Certain restrictions are imposed on ntp servers configured to be used by ntpd Configure ntpd To Run As ntp User Ubuntu 22.04 Ensure ntpd is configured to run correctly under the ntp user. Specify Additional Remote NTP Servers Ubuntu 22.04 Multiple ntpd NTP Servers for time synchronization should be specified. Specify a Remote NTP Server Ubuntu 22.04 A remote ntpd NTP Server for time synchronization should be specified (and dependencies are met) Enable the NTP Daemon Ubuntu 22.04 At least one of the chronyd or ntpd services should be enabled if possible. Configure Systemd Timesyncd Servers Ubuntu 22.04 Ensure that timesyncd is enabled and configured Configure Systemd Timesyncd Root Distance Servers Ubuntu 22.04 Ensure that timesyncd RootDistanceMaxSec is configured Ensure /etc/hosts.deny is configured Ubuntu 22.04 Ensure 'ALL:' is configured with value 'ALL' in /etc/hosts.deny Name Service Switch does not use NIS Ubuntu 22.04 nis is not configured as a database in /etc/nsswitch.conf Remove Host-Based Authentication Files Ubuntu 22.04 There should not be any shosts.equiv files on the system. Remove Rsh Trust Files Ubuntu 22.04 There should not be any .rhosts or hosts.equiv files on the system. Remove User Host-Based Authentication Files Ubuntu 22.04 There should not be any .shosts files on the system. Ensure tftp systemd Service Uses Secure Mode Ubuntu 22.04 The TFTP daemon should use secure mode. Ensure tftp Daemon Uses Secure Mode Ubuntu 22.04 The TFTP daemon should use secure mode. Disable Printer Browsing Entirely if Possible Ubuntu 22.04 The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing capability, the machine will no longer generate or receive such broadcasts. Disable Print Server Capabilities Ubuntu 22.04 By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers, even if they cannot actually print to them. To limit print serving to a particular set of users, use the Policy directive. Require Client SMB Packet Signing, if using mount.cifs Ubuntu 22.04 Require packet signing of clients who mount Samba shares using the mount.cifs program (e.g., those who specify shares in /etc/fstab). To do so, ensure that signing options (either sec=krb5i or sec=ntlmv2i) are used. Require Client SMB Packet Signing, if using smbclient Ubuntu 22.04 Require samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing. Ensure Default SNMP Password Is Not Used Ubuntu 22.04 SNMP default communities must be removed. Configure SNMP Service to Use Only SNMPv3 or Newer Ubuntu 22.04 SNMP version 1 and 2c must not be enabled. Verify Permissions on SSH Server Private *_key Key Files Ubuntu 22.04 Remove SSH Server firewalld Firewall exception (Unusual) Ubuntu 22.04 If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22). Configure session renegotiation for SSH client Ubuntu 22.04 Ensure 'RekeyLimit' is configured with the correct value in /etc/ssh/ssh_config and /etc/ssh/ssh_config.d/*.conf Use Only FIPS 140-3 Validated Ciphers in SSH Client Configuration Ubuntu 22.04 Limit the ciphers to those which are FIPS-approved. SSH client uses strong entropy to seed (for CSH like shells) Ubuntu 22.04 Ensure the SSH_USE_STRONG_RNG environment variable is exported in /etc/profile.d/cc-ssh-strong-rng.csh and is not overridden in /etc/profile SSH client uses strong entropy to seed (Bash-like shells) Ubuntu 22.04 Ensure the SSH_USE_STRONG_RNG environment variable is exported in /etc/profile.d/cc-ssh-strong-rng.sh and is not overridden in /etc/profile Use Only FIPS 140-3 Validated MACs Ubuntu 22.04 Limit the Message Authentication Codes (MACs) to those which are FIPS-approved. Enable SSH Server firewalld Firewall Exception Ubuntu 22.04 If inbound SSH access is needed, the firewall should allow access to the SSH service. SSHD Must Include System Crypto Policy Config File Ubuntu 22.04 Ensure SSHD to include the system crypto policy Limit Users' SSH Access Ubuntu 22.04 One of the following parameters of the sshd configuration file is set: AllowUsers, DenyUsers, AllowGroups, DenyGroups. Force frequent session key renegotiation Ubuntu 22.04 Ensure RekeyLimit is configured with the appropriate value in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Set SSH Client Alive Interval Ubuntu 22.04 The SSH idle timeout interval should be set to an appropriate value. Ensure SSH LoginGraceTime is configured Ubuntu 22.04 The SSH number seconds for login grace time should be set to an appropriate value. Set SSH authentication attempt limit Ubuntu 22.04 The SSH MaxAuthTries should be set to an appropriate value. Set SSH MaxSessions limit Ubuntu 22.04 The SSH number of max sessions should be set to an appropriate value. Ensure SSH MaxStartups is configured Ubuntu 22.04 Ensure 'MaxStartups' is properly configured in SSH configuration files. Use Only FIPS 140-2 Validated Ciphers Ubuntu 22.04 Limit the ciphers to those which are FIPS-approved. Use Only FIPS 140-2 Validated Ciphers Ubuntu 22.04 Limit the ciphers to those which are FIPS-approved. Use Only FIPS 140-2 Validated Key Exchange Algorithms Ubuntu 22.04 Limit the KexAlgorithms to those which are FIPS-approved. Use Only FIPS 140-2 Validated MACs Ubuntu 22.04 Limit the Message Authentication Codes (MACs) to those which are FIPS-approved. Use Only FIPS 140-2 Validated MACs Ubuntu 22.04 Limit the Message Authentication Codes (MACs) to those which are FIPS-approved. Distribute the SSH Server configuration to multiple files in a config directory. Ubuntu 22.04 foo Use Only Strong Ciphers Ubuntu 22.04 Ensure 'Ciphers' is configured with value '((aes128-ctr|aes192-ctr|aes256-ctr|chacha20-poly1305@openssh\.com|aes256-gcm@openssh\.com|aes128-gcm@openssh\.com),?)+' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Use Only Strong Key Exchange algorithms Ubuntu 22.04 Limit the Key Exchange Algorithms to those which are FIPS-approved. Use Only Strong MACs Ubuntu 22.04 Ensure only strong MAC algorithms are used Certificate status checking in SSSD Ubuntu 22.04 SSSD should be configured with the correct ocsp_dgst digest function Certificate trust path in SSSD Ubuntu 22.04 SSSD should be configured with trust path to an accepted trust anchor. Configure PAM in SSSD Services Ubuntu 22.04 SSSD should be configured to run SSSD PAM services. Enable Smartcards in SSSD Ubuntu 22.04 SSSD should be configured to authenticate access to the system using smart cards. Enable Certificates Mapping in SSSD Ubuntu 22.04 SSSD should be configured to map the certificate to correct user or group Configure SSSD's Memory Cache to Expire Ubuntu 22.04 SSSD's memory cache should be configured to set to expire records after 1 day. Configure SSSD to Expire Offline Credentials Ubuntu 22.04 SSSD should be configured to expire offline credentials after 1 day. Configure SSSD to run as user sssd Ubuntu 22.04 SSSD processes should be configured to run as user sssd, not root. Configure SSSD to Expire SSH Known Hosts Ubuntu 22.04 SSSD should be configured to expire keys from known SSH hosts after 1 day. Configure SSSD LDAP Backend Client CA Certificate Location Ubuntu 22.04 Configure SSSD to implement cryptography to protect the integrity of LDAP remote access sessions. Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server Ubuntu 22.04 Configure SSSD to request a valid certificate from the server to protect LDAP remote access sessions. Configure SSSD LDAP Backend to Use TLS For All Transactions Ubuntu 22.04 LDAP should be used for authentication and use STARTTLS Authorize Human Interface Devices in USBGuard daemon Ubuntu 22.04 Check that /etc/usbguard/rules.conf exists and that it contains at least one non white space character. Authorize Human Interface Devices and USB hubs in USBGuard daemon Ubuntu 22.04 Check that /etc/usbguard/rules.conf contains at least one non whitespace character and exists. Authorize USB hubs in USBGuard daemon Ubuntu 22.04 Check that /etc/usbguard/rules.conf contains at least one non whitespace character and exists. Generate USBGuard Policy Ubuntu 22.04 Check that /etc/usbguard/rules.conf contains at least one non whitespace character and exists. Disable graphical user interface Ubuntu 22.04 Ensure that the default runlevel target is set to multi-user.target. Disable Graphical Environment Startup By Setting Default Target Ubuntu 22.04 Ensure that the default runlevel target is set to multi-user.target. Ensure system-auth and password-auth files are symbolic links pointing to system-auth-local and password-auth-local Ubuntu 22.04 Ensure system-auth and password-auth files are symbolic links pointing to system-auth-local and password-auth-local Enable authselect Ubuntu 22.04 Check that authselect is enabled Modify the System Login Banner Ubuntu 22.04 The system login banner text should be set correctly. Modify the System Login Banner for Remote Connections Ubuntu 22.04 The system login banner text should be set correctly. Modify the System Message of the Day Banner Ubuntu 22.04 The system motd banner text should be set correctly. Enable the SSH login confirmation banner Ubuntu 22.04 The SSH confirmation banner text should be set correctly. Modify the System GUI Login Banner Ubuntu 22.04 The system login banner text should be set correctly. Enable GNOME3 Login Warning Banner Ubuntu 22.04 Enable the GNOME3 Login warning banner. Set the GNOME3 Login Warning Banner Text Ubuntu 22.04 Enable the GUI warning banner. Display the Standard Mandatory DoD Notice and Consent Banner until Explicit Acknowledgement Ubuntu 22.04 Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. Verify pam_unix module is activated Ubuntu 22.04 Ensure pam_unix.so is properly configured in PAM configuration files Disallow Configuration to Bypass Password Requirements for Privilege Escalation Ubuntu 22.04 Disallow Configuration to Bypass Password Requirements for Privilege Escalation. Ensure PAM Displays Last Logon/Access Notification Ubuntu 22.04 Configure the system to notify users of last login/access using pam_lastlog. Set Up a Private Namespace in PAM Configuration Ubuntu 22.04 Check presence of pam_namespace.so module in the /etc/pam.d/login file Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File. Ubuntu 22.04 Configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file. Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File. Ubuntu 22.04 Configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file. An SELinux Context must be configured for the pam_faillock.so records directory Ubuntu 22.04 An SELinux Context must be configured for the Faillock directory. Account Lockouts Must Be Logged Ubuntu 22.04 Account Lockouts Must Be Logged Verify pam_pwhistory module is activated Ubuntu 22.04 The passwords to remember should be set correctly. Limit Password Reuse Ubuntu 22.04 Enforce password history for root of pam_pwhistory. Limit Password Reuse Ubuntu 22.04 The passwords to remember of pam_pwhistory should be set correctly. Limit Password Reuse: password-auth Ubuntu 22.04 The passwords to remember should be set correctly. Limit Password Reuse: system-auth Ubuntu 22.04 The passwords to remember should be set correctly. Enforce Password History with use_authtok Ubuntu 22.04 Configure the system to include use_authtok for pam_pwhistory common_password configuration file Require use_authtok for pam_unix.so Ubuntu 22.04 Configure the system to include use_authtok in pam common_password configuration file Limit Password Reuse Ubuntu 22.04 The passwords to remember should be set correctly. Account Lockouts Must Be Logged Ubuntu 22.04 Account Lockouts Must Be Logged Configure the root Account for Failed Password Attempts Ubuntu 22.04 The root account should be configured to deny access after the number of defined failed attempts has been reached. Lock Accounts Must Persist Ubuntu 22.04 Persist lockout account after reboot Ensure pam_faillock module is enabled Ubuntu 22.04 Enforce pam_faillock for Local Accounts Only Ubuntu 22.04 Enforce pam_faillock for Local Accounts Only Do Not Show System Messages When Unsuccessful Logon Attempts Occur Ubuntu 22.04 Prevent System Messages When Three Unsuccessful Logon Attempts Occur Set Lockout Time for Failed Password Attempts Ubuntu 22.04 Set Deny For Failed Password Attempts Ubuntu 22.04 The number of allowed failed logins should be set correctly. Configure the root Account lock for Failed Password Attempts via pam_tally2 Ubuntu 22.04 The root account should be configured to deny access after the number of defined failed attempts has been reached. An SELinux Context must be configured for default pam_tally2 file option Ubuntu 22.04 An SELinux Context faillog_t must be configured for the pam_tally2 file option. Set Lockout Time for Failed Password Attempts using pam_tally2 Ubuntu 22.04 The unlock time after number of failed logins should be set correctly. Configure PAMs passwd Module To Implement system-auth Substack When Changing Passwords Ubuntu 22.04 PAMs passwd module must implement the system-auth substack when changing passwords. Ensure PAM Enforces Password Requirements - Enforce for root User Ubuntu 22.04 The password policy should also be enforced for root. Verify pam_pwquality module is activated Ubuntu 22.04 Check pam_pwquality module is enabled Ensure PAM password complexity module is enabled in password-auth Ubuntu 22.04 The PAM module pam_pwquality is used in password-auth Ensure PAM password complexity module is enabled in system-auth Ubuntu 22.04 The PAM module pam_pwquality is used in system-auth Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session Ubuntu 22.04 The password retry should meet minimum requirements Set Password Hashing Algorithm for PAM Ubuntu 22.04 The password hashing algorithm should be set correctly in {{{ pam_file }}}. Set Password Hashing Algorithm in /etc/libuser.conf Ubuntu 22.04 The password hashing algorithm should be set correctly in /etc/libuser.conf. Set Password Hashing Algorithm in /etc/login.defs Ubuntu 22.04 The password hashing algorithm should be set correctly in /usr/etc/login.defs. Set PAM''s Password Hashing Algorithm - password-auth Ubuntu 22.04 The password hashing algorithm should be set correctly in /etc/pam.d/password-auth. Set PAM''s Password Hashing Algorithm Ubuntu 22.04 The password hashing algorithm should be set correctly in {{{ pam_file }}}. Set Password Hashing Minimum Rounds in /etc/login.defs Ubuntu 22.04 The password hashing minimum rounds should be set correctly in /etc/login.defs. Disable Ctrl-Alt-Del Burst Action Ubuntu 22.04 Configure the CtrlAltDelBurstAction setting in /etc/systemd/system.conf or /etc/systemd/system.conf.d/* to none to prevent a reboot if Ctrl-Alt-Delete is pressed more than 7 times in 2 seconds. Disable Ctrl-Alt-Del Reboot Activation Ubuntu 22.04 By default, the system will reboot when the Ctrl-Alt-Del key sequence is pressed. Verify that Interactive Boot is Disabled Ubuntu 22.04 The ability for users to perform interactive startups should be disabled. Configure Logind to terminate idle sessions after certain time of inactivity Ubuntu 22.04 Ensure 'StopIdleSessionSec' is configured with desired value in section 'Login' in /etc/systemd/logind.conf Require Authentication for Emergency Systemd Target Ubuntu 22.04 The requirement for a password to boot into emergency mode should be configured correctly. Require Authentication for Single User Mode Ubuntu 22.04 The requirement for a password to boot into single-user mode should be configured correctly. Support session locking with tmux Ubuntu 22.04 Check if tmux is configured to exec at the end of bashrc. Support session locking with tmux (not enforcing) Ubuntu 22.04 Check if tmux is configured to be launched at the end of bashrc. Configure tmux to lock session after inactivity Ubuntu 22.04 Check if tmux is configured to lock sessions after period of inactivity. Configure the tmux Lock Command Ubuntu 22.04 Check if the vlock command is configured to be used as a locking mechanism in tmux. Configure the tmux lock session key binding Ubuntu 22.04 Check if the lock-session command is bound to a key. Prevent user from disabling the screen lock Ubuntu 22.04 Check that tmux is not listed in /etc/shells Configure opensc Smart Card Drivers Ubuntu 22.04 Configure the organization's smart card driver so that only the smart card in use by the organization will be recognized by the system. Force opensc To Use Defined Smart Card Driver Ubuntu 22.04 Force opensc to use the organization's smart card driver so that only the smart card in use by the organization will be recognized by the system. Enable Smart Card Login Ubuntu 22.04 Enable Smart Card logins Configure Smart Card Certificate Authority Validation Ubuntu 22.04 Enable Smart Card CA Checks Configure Smart Card Certificate Status Checking Ubuntu 22.04 Enable Smart Card Login Configure Smart Card Local Cache of Revocation Data Ubuntu 22.04 Enable local cache of revocation data for PKI-based authentication Enable Smart Card Logins in PAM Ubuntu 22.04 Enable Smart Card logins using PAM Ensure All Accounts on the System Have Unique User IDs Ubuntu 22.04 All accounts on the system should have unique IDs for proper accountability. Only Authorized Local User Accounts Exist on Operating System Ubuntu 22.04 Besides the default operating system user, there should be no other users except the users that are authorized to exist locally on the operating system. Ensure All Groups on the System Have Unique Group ID Ubuntu 22.04 All groups on the system should have unique names for proper accountability. Ensure All Groups on the System Have Unique Group Names Ubuntu 22.04 All groups on the system should have unique names for proper accountability. Ensure nologin Shell is Not Listed in /etc/shells Ubuntu 22.04 The nologin shell should not be listed in /etc/shells. Set Account Expiration Following Inactivity in password-auth Ubuntu 22.04 The accounts should be configured to be disabled automatically after a period of inactivity. Set Account Expiration Following Inactivity in system-auth Ubuntu 22.04 The accounts should be configured to be disabled automatically after a period of inactivity. Set Account Expiration Following Inactivity Ubuntu 22.04 The accounts should be configured to expire automatically following password expiration. Ensure All Accounts on the System Have Unique Names Ubuntu 22.04 All accounts on the system should have unique names for proper accountability. Ensure shadow Group is Empty Ubuntu 22.04 Ensure shadow group is empty Set Password Maximum Age Ubuntu 22.04 The maximum password age policy should meet minimum requirements. Set Password Minimum Age Ubuntu 22.04 The minimum password age policy should be set appropriately. Set Password Minimum Length in login.defs Ubuntu 22.04 The password minimum length should be set appropriately. Set Existing Passwords Maximum Age Ubuntu 22.04 Set Existing Passwords Maximum Age Set Root Account Password Maximum Age Ubuntu 22.04 A maximum password age should be set for the root account Set Existing Passwords Minimum Age Ubuntu 22.04 Set Existing Passwords Maximum Age Set Existing Passwords Warning Age Ubuntu 22.04 Set Existing Passwords Warning Age Set Password Warning Age Ubuntu 22.04 The password expiration warning age should be set appropriately. Set existing passwords a period of inactivity before they been locked Ubuntu 22.04 Set existing passwords a period of inactivity before they been locked Verify All Account Password Hashes are Shadowed Ubuntu 22.04 All password hashes should be shadowed. Verify All Account Password Hashes are Shadowed with SHA512 Ubuntu 22.04 All password hashes should be shadowed. Ensure all users last password change date is in the past Ubuntu 22.04 All passwords last change date is in the past. Avoid using remember in pam_unix module Ubuntu 22.04 The pam_unix module should not include remember option Set number of Password Hashing Rounds - password-auth Ubuntu 22.04 The number of rounds for password hashing should be set correctly. Set number of Password Hashing Rounds - system-auth Ubuntu 22.04 The number of rounds for password hashing should be set correctly. All GIDs referenced in /etc/passwd must be defined in /etc/group Ubuntu 22.04 All GIDs referenced in /etc/passwd must be defined in /etc/group. Ensure no duplicate UIDs exist Ubuntu 22.04 Although the useradd program will not let you create a duplicate User ID (UID), it is possible for an administrator to manually edit the /etc/passwd file and change the UID field. Prevent Login to Accounts With Empty Password Ubuntu 22.04 The file /etc/pam.d/system-auth should not contain the nullok option Ensure There Are No Accounts With Blank or Null Passwords Ubuntu 22.04 The file /etc/shadow shows that there aren't empty passwords Prevent Login to Accounts With Empty Password Ubuntu 22.04 The file /etc/pam.d/common-* should not contain the nullok option Verify No .forward Files Exist Ubuntu 22.04 The .forward file specifies an email address to forward the user's mail to. Any .forward files should be removed. Ensure there are no legacy + NIS entries in /etc/group Ubuntu 22.04 No lines starting with + are in /etc/group Ensure there are no legacy + NIS entries in /etc/passwd Ubuntu 22.04 No lines starting with + are in /etc/passwd Ensure there are no legacy + NIS entries in /etc/shadow Ubuntu 22.04 No lines starting with + are in /etc/shadow Verify No netrc Files Exist Ubuntu 22.04 The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed. Verify No .rhost Files Exist Ubuntu 22.04 Local system users should not have a .rhost file in their home directory. Verify Only Root Has UID 0 Ubuntu 22.04 Only the root account should be assigned a user id of 0. Verify Root Has A Primary GID 0 Ubuntu 22.04 The root account should have primary group of 0 Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty Ubuntu 22.04 Group referred by var_pam_wheel_group_for_su variable exists and has no members. Ensure root account access is controlled Ubuntu 22.04 Ensure root account access is controlled Ensure Authentication Required for Single User Mode Ubuntu 22.04 Ensure root password is configured Verify Only Group Root Has GID 0 Ubuntu 22.04 Only the root group should be assigned a GID of 0. Direct root Logins Not Allowed Ubuntu 22.04 Preventing direct root logins help ensure accountability for actions taken on the system using the root account. Verify Non-Interactive Accounts Are Locked Ubuntu 22.04 Ensure Accounts Without Valid Login Shell Are Locked Ensure that System Accounts Are Locked Ubuntu 22.04 Ensure that System Accounts Are Locked Ensure that System Accounts Do Not Run a Shell Upon Login Ubuntu 22.04 The root account is the only system account that should have a login shell. Direct root Logins Are Not Allowed Ubuntu 22.04 Direct root Logins Are Not Allowed Restrict Serial Port Root Logins Ubuntu 22.04 Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account. Restrict Virtual Console Root Logins Ubuntu 22.04 Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account. Enforce usage of pam_wheel for su authentication Ubuntu 22.04 Only members of the wheel group should be able to authenticate through the su command. Enforce Usage of pam_wheel with Group Parameter for su Authentication Ubuntu 22.04 Only members of the group set in variable 'var_pam_wheel_group_for_su' should be able to authenticate through the su command. Ensure Home Directories are Created for New Users Ubuntu 22.04 CREATE_HOME should be enabled Ensure the Logon Failure Delay is Set Correctly in login.defs Ubuntu 22.04 The delay between failed authentication attempts should be set for all users specified in /etc/login.defs Limit the Number of Concurrent Login Sessions Allowed Per User Ubuntu 22.04 The maximum number of concurrent login sessions per user should meet minimum requirements. Configure Polyinstantiation of /tmp Directories Ubuntu 22.04 Configure Polyinstantiation of /var/tmp Directories Ubuntu 22.04 Set Interactive Session Timeout Ubuntu 22.04 Checks interactive shell timeout User Initialization Files Must Be Group-Owned By The Primary Group Ubuntu 22.04 User Initialization Files Must Be Group-Owned By The Primary Group User Initialization Files Must Not Run World-Writable Programs Ubuntu 22.04 User Initialization Files Must Not Execute World-Writable Programs User Initialization Files Must Be Owned By the Primary User Ubuntu 22.04 User Initialization Files Must Be Owned By the Primary User All Interactive Users Must Have A Home Directory Defined Ubuntu 22.04 All Interactive Users Must Have A Home Directory Defined All Interactive Users Home Directories Must Exist Ubuntu 22.04 All Interactive Users Home Directories Must Exist All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary Group Ubuntu 22.04 All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary Group All User Files and Directories In The Home Directory Must Have a Valid Owner Ubuntu 22.04 All User Files and Directories In The Home Directory Must Have a Valid Owner All User Files and Directories In The Home Directory Must Have Mode 0750 Or Less Permissive Ubuntu 22.04 All User Files and Directories In The Home Directory Must Have Mode 0750 Or Less Permissive Ensure users' .netrc Files are not group or world accessible Ubuntu 22.04 Netrc User File In The Home Directory Must Not be group or world accessible All Interactive User Home Directories Must Be Group-Owned By The Primary Group Ubuntu 22.04 All interactive user's Home Directories must be group-owned by its user All Interactive User Home Directories Must Be Owned By The Primary User Ubuntu 22.04 All interactive user's Home Directories must be owned by its user Ensure User Bash History File Has Correct Permissions Ubuntu 22.04 User Bash History File Has Correct Permissions Ensure All User Initialization Files Have Mode 0740 Or Less Permissive Ubuntu 22.04 User initialization files have mode 0740 or less permissive Ensure All User Initialization Files Have Mode 0740 Or Less Permissive Ubuntu 22.04 User initialization files have mode 0740 or less permissive All Interactive User Home Directories Must Have mode 0750 Or Less Permissive Ubuntu 22.04 All Interactive User Home Directories Must Have mode 0750 Or Less Permissive Ensure that User Home Directories are not Group-Writable or World-Readable Ubuntu 22.04 Ensure that User Home Directories are not Group-Writable or World-Readable Ensure that Root's Path Does Not Include World or Group-Writable Directories Ubuntu 22.04 Check each directory in root's path and make use it does not grant write permission to group and other Ensure that All Root's Path Directories Are Owned by Root Ubuntu 22.04 Check each directory in root's path and make sure it is owned by root Ensure that All Entries in The Path of Root Are Directories Ubuntu 22.04 Check each directory in root's path and ensure it is a directory Ensure that Root's Path Does Not Include Relative Paths or Null Directories Ubuntu 22.04 The environment variable PATH should be set correctly for the root user. Ensure the Default Bash Umask is Set Correctly Ubuntu 22.04 The default umask for users of the bash shell Ensure the Default C Shell Umask is Set Correctly Ubuntu 22.04 The default umask for users of the csh shell Ensure the Default Umask is Set Correctly in login.defs Ubuntu 22.04 The default umask for all users specified in {{{ login_defs_path }}} Ensure the Default Umask is Set Correctly in /etc/profile Ubuntu 22.04 The default umask for all users should be set correctly Ensure the Default Umask is Set Correctly For Interactive Users Ubuntu 22.04 Ensure the Default Umask is Set Correctly For Interactive Users Ensure the Root Bash Umask is Set Correctly Ubuntu 22.04 The umask for root user of the bash shell All AppArmor Profiles are in enforce or complain mode Ubuntu 22.04 Ensure AppArmor profiles are in enforce complain mode Ensure AppArmor is enabled in the bootloader configuration Ubuntu 22.04 Ensure AppArmor is enabled in the bootloader configuration Disable Recovery Booting Ubuntu 22.04 Recovery mode should be disabled. Configure kernel to trust the CPU random number generator Ubuntu 22.04 Ensure the kernel is configured to trust the CPU hardware random number generator. Set the Boot Loader Admin Username to a Non-Default Value Ubuntu 22.04 The grub2 boot loader superuser should have a username that is hard to guess. Boot Loader Is Not Installed On Removable Media Ubuntu 22.04 Ensure the system is not configured to use a boot loader on removable media. Set Boot Loader Password in grub2 Ubuntu 22.04 The grub2 boot loader should have password protection enabled. Set the UEFI Boot Loader Admin Username to a Non-Default Value Ubuntu 22.04 The grub2 boot loader superuser should have a username that is hard to guess. Set the UEFI Boot Loader Password Ubuntu 22.04 The UEFI grub2 boot loader should have password protection enabled. UEFI Boot Loader Is Not Installed On Removable Media Ubuntu 22.04 Ensure the system is not configured to use a boot loader on removable media. Ensure all zIPL boot entries are BLS compliant Ubuntu 22.04 Check if /etc/zipl.conf configures any boot entry Ensure zIPL bootmap is up to date Ubuntu 22.04 Check if /boot/bootmap is up to date Ensure debug-shell service is not enabled in zIPL Ubuntu 22.04 Ensure systemd.debug-shell option is not configured in the 'options' line in /boot/loader/entries/*.conf. Make sure that newly installed kernels won't have this option, it should not be configured in /etc/kernel/cmdline. Configure Low Address Space To Protect From User Allocation Ubuntu 22.04 The kernel config CONFIG_DEFAULT_MMAP_MIN_ADDR should have value 65536 on x86_64 and 32768 on aarch64 Ensure real-time clock is set to UTC Ubuntu 22.04 Ensure RTC is using UTC as its time base Ensure One Logging Service Is In Use Ubuntu 22.04 Ensure one logging service is in use Ensure rsyslog Default File Permissions Configured Ubuntu 22.04 FileCreateMode setting controls permissions applied to newly created files. Configure Logwatch HostLimit Line Ubuntu 22.04 Test if HostLimit line in logwatch.conf is set appropriately. Configure Logwatch SplitHosts Line Ubuntu 22.04 Check if SplitHosts line in logwatch.conf is set appropriately. Ensure cron Is Logging To Rsyslog Ubuntu 22.04 Rsyslog should be configured to capture cron messages. Ensure Rsyslog Authenticates Off-Loaded Audit Records Ubuntu 22.04 Rsyslogd must authenticate remote system its sending logs to. Ensure Rsyslog Encrypts Off-Loaded Audit Records Ubuntu 22.04 Rsyslogd must encrypt the off-loading of logs off of the system. Ensure Rsyslog Encrypts Off-Loaded Audit Records Ubuntu 22.04 Rsyslogd must encrypt the off-loading of logs off of the system. Ensure logging is configured Ubuntu 22.04 Syslog logs should be configured Ensure remote access methods are monitored in Rsyslog Ubuntu 22.04 Rsyslog should be configured to monitor remote access methods. Configure systemd-journal-upload TLS parameters: ServerKeyFile, ServerCertificateFile and TrustedCertificateFile Ubuntu 22.04 systemd-journal-upload server TLS configuration in /etc/systemd/journal-upload.conf Configure systemd-journal-upload URL Ubuntu 22.04 systemd-journal-upload URL in /etc/systemd/journal-upload.conf is configured Ensure Logrotate Runs Periodically Ubuntu 22.04 The frequency of automatic log files rotation performed by the logrotate utility should be configured to run daily Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server Ubuntu 22.04 rsyslogd should reject remote messages Ensure Logs Sent To Remote Host Ubuntu 22.04 Syslog logs should be sent to a remote loghost Configure TLS for rsyslog remote logging Ubuntu 22.04 Check that all needed TLS-related options are present Configure CA certificate for rsyslog remote logging Ubuntu 22.04 Check that the CA certificate path is set Ensure Only One Firewall Service is Active Ubuntu 22.04 Ensure Only One Firewall Service is Active Configure Multiple DNS Servers in /etc/resolv.conf Ubuntu 22.04 Multiple Domain Name System (DNS) Servers should be configured in /etc/resolv.conf. Disable Client Dynamic DNS Updates Ubuntu 22.04 Clients should not automatically update their own DNS record. Disable Zeroconf Networking Ubuntu 22.04 Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet. Grant Or Deny System Access To Specific Hosts And Services Ubuntu 22.04 Configure the access control program to grant or deny access to specific hosts and services Prevent non-Privileged Users from Modifying Network Interfaces using nmcli Ubuntu 22.04 polkit is properly configured to prevent non-privileged users from changing networking settings Ensure System is Not Acting as a Network Sniffer Ubuntu 22.04 Disable the network sniffer Configure firewalld To Rate Limit Connections Ubuntu 22.04 Create a direct firewall rule to protect against DoS attacks by rate limiting incoming connections. Ensure firewall rules exist for all open ports Ubuntu 22.04 Make sure firewall rules exist for all open network ports,listening on non-loopback interfaces. Configure Firewalld to Restrict Loopback Traffic Ubuntu 22.04 Configure Firewalld to Restrict Loopback Traffic Configure Firewalld to Trust Loopback Traffic Ubuntu 22.04 Configure Firewalld to Trust Loopback Traffic Manually Assign IPv6 Router Address Ubuntu 22.04 Define default gateways for IPv6 traffic Use Privacy Extensions for Address Ubuntu 22.04 Enable privacy extensions for IPv6 Manually Assign Global IPv6 Address Ubuntu 22.04 Manually configure addresses for IPv6 Disable IPv6 Networking Support Automatic Loading Ubuntu 22.04 The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack. Disable Support for RPC IPv6 Ubuntu 22.04 Disable ipv6 based rpc services Ensure nftables Rules are Permanent Ubuntu 22.04 Make sure that there is permanent nftables configuration file used to save and re-apply rules on reboot Enable DoS Protections in SuSEfirewall2 Ubuntu 22.04 Verify "SuSEfirewall2" is configured to protect the SUSE operating system against or limit the effects of DoS attacks. Deactivate Wireless Network Interfaces Ubuntu 22.04 All wireless interfaces should be disabled. Ensure All World-Writable Directories Are Owned by root User Ubuntu 22.04 All world writable directories should be owned by root. Verify that All World-Writable Directories Have Sticky Bits Set Ubuntu 22.04 The sticky bit should be set for all world-writable directories. Ensure All World-Writable Directories Are Owned by a System Account Ubuntu 22.04 All world writable directories should be owned by a system account. Ensure All World-Writable Directories Are Group Owned by a System Account Ubuntu 22.04 All world writable directories should be group owned by a system user. Verify that system commands directories have root as a group owner Ubuntu 22.04 Checks that directories /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin have root as a group owner Verify that system commands directories have root ownership Ubuntu 22.04 Checks that directories /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin are owned by root. Ensure All SGID Executables Are Authorized Ubuntu 22.04 Evaluates to true if all files with SGID set are owned by RPM packages. Ensure All SUID Executables Are Authorized Ubuntu 22.04 Evaluates to true if all files with SUID set are owned by RPM packages. Ensure No World-Writable Files Exist Ubuntu 22.04 The world-write permission should be disabled for all files. Ensure All Files Are Owned by a Group Ubuntu 22.04 All files should be owned by a group Ensure All Files And Directories Are Owned by a Group Ubuntu 22.04 All files should be owned by a group Verify Permissions and Ownership of Old Passwords File Ubuntu 22.04 Verify Permissions and Ownership of Old Passwords File Verify ownership of log files Ubuntu 22.04 Group owner of /var/log/* should be root or adm. Verify ownership of log files Ubuntu 22.04 Owner of /var/log/* should be root or syslog. Verify that system commands files are group owned by root or a system account Ubuntu 22.04 Checks that system commands in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin are owned by system group. Verify that System Executables Have Root Ownership Ubuntu 22.04 Checks that /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, /usr/local/sbin, /usr/libexec, and objects therein, are owned by root. Verify that System Executables Have Restrictive Permissions Ubuntu 22.04 Checks that binary files under /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, /usr/local/sbin, and /usr/libexec are not group-writable or world-writable. Verify that system commands are protected from unauthorized access Ubuntu 22.04 Checks that system commands under /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, and /usr/local/sbin are not group-writable or world-writable. Verify the system-wide library files in directories "/lib", "/lib64", "/usr/lib/" and "/usr/lib64" are group-owned by root or a required system account. Ubuntu 22.04 Verify the system-wide library files in directories /lib, /lib64, /usr/lib/ and /usr/lib64 are group-owned by root. Ensure rootfiles tmpfile.d is Configured Correctly Ubuntu 22.04 Ensure that tmpfiles for rootfiles is configured correctly. Add nodev Option to Non-Root Local Partitions Ubuntu 22.04 The nodev mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices should exist in the /dev directory on the root partition or within chroot jails built for system services. All other locations should not allow character and block devices. Bind Mount /var/tmp To /tmp Ubuntu 22.04 The /var/tmp directory should be bind mounted to /tmp in order to consolidate temporary storage into one location protected by the same techniques as /tmp. Disable storing core dumps Ubuntu 22.04 The kernel 'kernel.core_pattern' parameter should be set to the appropriate value in both system configuration and system runtime. Disable storing core dumps Ubuntu 22.04 The kernel 'kernel.core_pattern' parameter should be set to an empty string in the system runtime. Disable storing core dumps Ubuntu 22.04 The kernel 'kernel.core_pattern' parameter should be set to an empty string in the system configuration. Disable Core Dumps for All Users Ubuntu 22.04 Core dumps for all users should be disabled Set Daemon Umask Ubuntu 22.04 The daemon umask should be set as appropriate Enable ExecShield via sysctl Ubuntu 22.04 The kernel runtime parameter 'kernel.exec-shield' should not be disabled and set to 1 on 32-bit systems. Enable NX or XD Support in the BIOS Ubuntu 22.04 The NX (no-execution) bit flag should be set on the system. Install PAE Kernel on Supported 32-bit x86 Systems Ubuntu 22.04 The RPM package kernel-PAE should be installed on 32-bit systems. Ensure SELinux Not Disabled in /etc/default/grub Ubuntu 22.04 Check if selinux=0 OR enforcing=0 within the GRUB2 configuration files, fail if found. Ensure No Device Files are Unlabeled by SELinux Ubuntu 22.04 All device files in /dev should be assigned an SELinux security context other than 'device_t' and 'unlabeled_t'. Ensure No Daemons are Unconfined by SELinux Ubuntu 22.04 All pids in /proc should be assigned an SELinux security context other than 'unconfined_service_t'. Elevate The SELinux Context When An Administrator Calls The Sudo Command Ubuntu 22.04 Elevate The SELinux Context When An Administrator Calls The Sudo Command Ensure SELinux is Not Disabled Ubuntu 22.04 SELinux is not Disabled. Ensure SELinux State is Enforcing Ubuntu 22.04 The SELinux state should be enforcing the local policy. Prefer to use a 64-bit Operating System when supported Ubuntu 22.04 Check if the system supports a 64-bit Operating System Encrypt Partitions Ubuntu 22.04 Verify all partitions are encrypted except /boot /boot/efi Make sure that the dconf databases are up-to-date with regards to respective keyfiles Ubuntu 22.04 Make sure that the dconf databases are up-to-date with regards to respective keyfiles. Configure GNOME3 DConf User Profile Ubuntu 22.04 The DConf User and gdm profiles should have the correct DB configured. Disable XWayland Ubuntu 22.04 Ensure 'WaylandEnable' is configured with value 'false in section 'daemon' in /etc/gdm/custom.conf Disable the GNOME3 Login Restart and Shutdown Buttons Ubuntu 22.04 Disable the GNOME3 Login GUI Restart and Shutdown buttons to all users on the login screen. Disable the GNOME3 Login User List Ubuntu 22.04 Disable the GNOME3 GUI listing of all known users on the login screen. Enable the GNOME3 Login Smartcard Authentication Ubuntu 22.04 Enable smartcard authentication in the GNOME3 Login GUI. Set the GNOME3 Login Number of Failures Ubuntu 22.04 Set the GNOME3 number of login failure attempts. Disable GDM Automatic Login Ubuntu 22.04 Disable the GNOME Display Manager (GDM) ability to allow users to automatically login. Disable GDM Guest Login Ubuntu 22.04 Disable the GNOME Display Manager (GDM) ability to allow guest users to login. Disable GDM Unattended or Automatic Login Ubuntu 22.04 Disable the GNOME Display Manager (GDM) ability to allow users to automatically login. Disable XDMCP in GDM Ubuntu 22.04 Ensure 'Enable' is configured with value 'false in section 'xdmcp' in /etc/gdm3/custom.conf Disable GNOME3 automount Ubuntu 22.04 The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable automount within GNOME3. Disable GNOME3 automount-open Ubuntu 22.04 The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable automount-open within GNOME3. Disable GNOME3 autorun Ubuntu 22.04 The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable autorun within GNOME3. Disable All GNOME3 Thumbnailers Ubuntu 22.04 The system's default desktop environment, GNOME3, uses a number of different thumbnailer programs to generate thumbnails for any new or modified content in an opened folder. Disable the execution of these thumbnail applications within GNOME3. Disable WIFI Network Connection Creation in GNOME3 Ubuntu 22.04 Disable the GNOME3 wireless network creation settings. Disable WIFI Network Notification in GNOME3 Ubuntu 22.04 Disable the GNOME3 wireless network notification. Require Credential Prompting for Remote Access in GNOME3 Ubuntu 22.04 Configure GNOME3 to require credential prompting for remote access. Require Encryption for Remote Access in GNOME3 Ubuntu 22.04 Configure GNOME3 to require encryption for remote access connections. Enable GNOME3 Screensaver Idle Activation Ubuntu 22.04 Idle activation of the screen saver should be enabled. Ensure Users Cannot Change GNOME3 Screensaver Idle Activation Ubuntu 22.04 Idle activation of the screen saver should not be changed by users. Set GNOME3 Screensaver Inactivity Timeout Ubuntu 22.04 The allowed period of inactivity before the screensaver is activated. Set GNOME3 Screensaver Lock Delay After Activation Period Ubuntu 22.04 Idle activation of the screen lock should be enabled immediately or after a delay. Enable GNOME3 Screensaver Lock After Idle Period Ubuntu 22.04 Idle activation of the screen lock should be enabled. Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period Ubuntu 22.04 Idle activation of the screen lock should not be changed by users. Implement Blank Screensaver Ubuntu 22.04 The GNOME3 screensaver should be blank. Disable Full User Name on Splash Shield Ubuntu 22.04 GNOME3 screen splash shield should not display full name of logged in user. Ensure Users Cannot Change GNOME3 Screensaver Settings Ubuntu 22.04 Ensure that users cannot change GNOME3 screensaver idle and lock settings. Ensure Users Cannot Change GNOME3 Session Idle Settings Ubuntu 22.04 Ensure that users cannot change GNOME3 session idle settings. Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3 Ubuntu 22.04 Disable the GNOME3 ctrl-alt-del reboot key sequence in GNOME3. Disable Geolocation in GNOME3 Ubuntu 22.04 Disable GNOME3 Geolocation for the clock and system. Disable Power Settings in GNOME3 Ubuntu 22.04 Disable GNOME3 power settings. Disable Prelinking Ubuntu 22.04 The prelinking feature can interfere with the operation of checksum integrity tools (e.g. AIDE), mitigates the protection provided by ASLR, and requires additional CPU cycles by software upgrades. The Installed Operating System Is FIPS 140-2 Certified Ubuntu 22.04 The operating system installed on the system is a certified operating system that meets FIPS 140-2 requirements. The Installed Operating System Is Vendor Supported Ubuntu 22.04 The operating system installed on the system is supported by a vendor that provides security patches. Configure BIND to use System Crypto Policy Ubuntu 22.04 BIND should be configured to use the system-wide crypto policy setting. Configure System Cryptography Policy Ubuntu 22.04 Ensure crypto policy is correctly configured in /etc/crypto-policies/config, and the policy is current. Configure GnuTLS library to use DoD-approved TLS Encryption Ubuntu 22.04 Check presence of +VERS-ALL:-VERS-DTLS0.9:-VERS-TLS1.1:-VERS-TLS1.0:-VERS-SSL3.0:-VERS-DTLS1.0 in /etc/crypto-policies/back-ends/gnutls.config Configure Kerberos to use System Crypto Policy Ubuntu 22.04 Kerberos should be configured to use the system-wide crypto policy setting. Configure Libreswan to use System Crypto Policy Ubuntu 22.04 Libreswan should be configured to use the system-wide crypto policy setting. Configure OpenSSL library to use System Crypto Policy Ubuntu 22.04 OpenSSL should be configured to use the system-wide crypto policy setting. Configure OpenSSL library to use TLS Encryption Ubuntu 22.04 Configure OpenSSL library to use TLS Encryption Configure SSH to use System Crypto Policy Ubuntu 22.04 SSH should be configured to use the system-wide crypto policy setting. Harden OpenSSL Crypto Policy Ubuntu 22.04 Ensure 'Ciphersuites' is configured with value 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256' in /etc/crypto-policies/back-ends/opensslcnf.config Harden SSH client Crypto Policy Ubuntu 22.04 Ensure the ssh client ciphers are configured correctly in /etc/ssh/ssh_config.d/02-ospp.conf Configure SSH Client to Use FIPS 140 Validated Ciphers: openssh.config Ubuntu 22.04 Limit the Ciphers to those which are FIPS-approved. Configure SSH Server to Use FIPS 140-2 Validated Ciphers: opensshserver.config Ubuntu 22.04 Limit the Ciphers to those which are FIPS-approved. Harden SSHD Crypto Policy Ubuntu 22.04 Ensure 'CRYPTO_POLICY' is configured with value ''-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'' in /etc/crypto-policies/back-ends/opensshserver.config Configure SSH Client to Use FIPS 140-2 Validated MACs: openssh.config Ubuntu 22.04 Limit the Message Authentication Codes (MACs) to those which are FIPS-approved. Configure SSH Server to Use FIPS 140-2 Validated MACs: opensshserver.config Ubuntu 22.04 Limit the Message Authentication Codes (MACs) to those which are FIPS-approved. OpenSSL uses strong entropy source Ubuntu 22.04 OpenSSL should be configured to generate random data with strong entropy. Install Virus Scanning Software Ubuntu 22.04 Antivirus software should be installed. Install Intrusion Detection Software Ubuntu 22.04 Install McAfee Host-Based Intrusion Detection Software (HBSS) Install Intrusion Detection Software Ubuntu 22.04 Intrusion detection software or SELinux should be installed and enabled. Install McAfee Virus Scanning Software Ubuntu 22.04 McAfee Antivirus software should be installed. Install the McAfee Runtime Libraries and Linux Agent Ubuntu 22.04 Install the McAfee Runtime Libraries (MFErt) and Linux Agent (MFEcma). Virus Scanning Software Definitions Are Updated Ubuntu 22.04 Verify that McAfee AntiVirus definitions have been updated. Ensure McAfee Endpoint Security for Linux (ENSL) is running Ubuntu 22.04 Ensure that McAfee Endpoint Security for Linux (ENSL) is running. Install the Asset Configuration Compliance Module (ACCM) Ubuntu 22.04 Install the Asset Configuration Compliance Module (ACCM). Install the Policy Auditor (PA) Module Ubuntu 22.04 Install the Policy Auditor (PA) Module. Enable Dracut FIPS Module Ubuntu 22.04 fips module should be enabled in Dracut configuration Enable FIPS Mode Ubuntu 22.04 Check if FIPS mode is enabled on the system Ensure '/etc/system-fips' exists Ubuntu 22.04 Check /etc/system-fips exists System Wide Crypto Policy Files Must Point to FIPS Policy Ubuntu 22.04 All system wide cryptopolicy symblinks should point to FIPS policy FIPS Must Use a Supported Subpolicy Ubuntu 22.04 No or the correct crypto sub-policy must be configured. Implement STIG Sub Crypto Policy Ubuntu 22.04 Ensure that the custom STIG Enable FIPS Mode in GRUB2 Ubuntu 22.04 Ensure fips=1 is configured in the kernel line in /etc/default/grub. Verify '/proc/sys/crypto/fips_enabled' exists Ubuntu 22.04 Inspect the contents of /proc/sys/crypto/fips_enabled Install the dracut-fips-aesni Package Ubuntu 22.04 The RPM package dracut-fips-aesni should be installed. Install the dracut-fips Package Ubuntu 22.04 The RPM package dracut-fips should be installed. Set kernel parameter 'crypto.fips_enabled' to 1 Ubuntu 22.04 The kernel 'crypto.fips_enabled' parameter should be set to '1' in system runtime. Verify that the system was booted with fips=1 Ubuntu 22.04 Inspect the contents of /proc/sys/crypto/fips_enabled Build and Test AIDE Database Ubuntu 22.04 The aide database must be initialized. Configure AIDE to Verify the Audit Tools Ubuntu 22.04 The Ubuntu 22.04 operating system file integrity tool must be configured to protect the integrity of the audit tools. Configure Systemd Timer Execution of AIDE Ubuntu 22.04 Make sure systemd timer is defined to run perodic AIDE check. Configure Periodic Execution of AIDE Ubuntu 22.04 By default, AIDE does not install itself for periodic execution. Periodically running AIDE is necessary to reveal unexpected changes in installed files. Configure Notification of Post-AIDE Scan Details Ubuntu 22.04 AIDE should notify appropriate personnel of the details of a scan after the scan has been run. Configure AIDE to Use FIPS 140-2 for Validating Hashes Ubuntu 22.04 AIDE should be configured to use the FIPS 140-2 cryptographic hashes. Configure AIDE to Verify Access Control Lists (ACLs) Ubuntu 22.04 AIDE should be configured to verify Access Control Lists (ACLs). Configure AIDE to Verify Extended Attributes Ubuntu 22.04 AIDE should be configured to verify extended file attributes. Verify crypto-policies with RPM Ubuntu 22.04 Verify the crypto-policies package using the RPM database. Verify File Hashes with RPM Ubuntu 22.04 Verify the RPM digests of system binaries using the RPM database. Verify and Correct Ownership with RPM Ubuntu 22.04 Verify ownership of installed packages by comparing the installed files with information about the files taken from the package metadata stored in the RPM database. Verify and Correct File Permissions with RPM Ubuntu 22.04 Verify the permissions of installed packages by comparing the installed files with information about the files taken from the package metadata stored in the RPM database. Only sidadm and orasid/oracle User Accounts Exist on Operating System Ubuntu 22.04 SAP system users sidadm/sapadm and orasid/oracle should be the only users besides the authorized usrs listed in var_accounts_authorized_local_users_regex that exist locally on the operating system. Limitation: only works with zero to one SAP system on each OS/VM. Ensure a dedicated group owns sudo Ubuntu 22.04 This test makes sure that /usr/bin/sudo is owned by the group set in var_sudo_dedicated_group Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate Ubuntu 22.04 Checks sudo usage without authentication Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD Ubuntu 22.04 Checks sudo usage without password Ensure Users Re-Authenticate for Privilege Escalation - sudo Ubuntu 22.04 Checks sudo usage without password Require Re-Authentication When Using the sudo Command Ubuntu 22.04 'Ensure sudo timestamp_timeout is appropriate - sudo timestamp_timeout The operating system must restrict privilege elevation to authorized personnel Ubuntu 22.04 Check that sudoers doesn't allow all users to run commands via sudo Only the VDSM User Can Use sudo NOPASSWD Ubuntu 22.04 Checks sudo usage for the vdsm user without a password Ensure sudo only includes the default configuration directory Ubuntu 22.04 Check if sudo includes only the default includedir Explicit arguments in sudo specifications Ubuntu 22.04 Check that sudoers doesn't contain commands without arguments specified Don't define allowed commands in sudoers by means of exclusion Ubuntu 22.04 Check that sudoers doesn't contain command negations Don't target root user in the sudoers file Ubuntu 22.04 Check that sudoers doesn't allow users to run commands as root Ensure invoking users password for privilege escalation when using sudo Ubuntu 22.04 Ensure invoking user's password for privilege escalation when using sudo Ensure APT Removes Previous Package Versions Ubuntu 22.04 Configure APT to remove all software components after updated versions have been installed. Disable Installation of Weak Dependencies in DNF Ubuntu 22.04 Ensure 'install_weak_deps' is configured with value '0' in section 'main' in /etc/dnf/dnf.conf Configure dnf-automatic to Install Available Updates Automatically Ubuntu 22.04 Ensure 'apply_updates' is configured with value 'yes in section 'commands' in /etc/dnf/automatic.conf Configure dnf-automatic to Install Only Security Updates Ubuntu 22.04 Ensure 'upgrade_type' is configured with value 'security in section 'commands' in /etc/dnf/automatic.conf Ensure gpgcheck Is Enabled for All Package Repositories Ubuntu 22.04 Ensure gpgcheck Is Enabled for All Package Repositories Ensure Fedora GPG Key Installed Ubuntu 22.04 The Fedora release key package is required to be installed. Ensure gpgcheck Enabled In Main apt_get Configuration Ubuntu 22.04 The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation. Ensure gpgcheck Enabled for Local Packages Ubuntu 22.04 The localpkg_gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation. Ensure gpgcheck Enabled for All apt_get Package Repositories Ubuntu 22.04 Ensure all yum or dnf repositories utilize signature checking. Ensure gpgcheck Enabled for Repository Metadata Ubuntu 22.04 The repo_gpgcheck option should be used to ensure that checking of repository metadata always occurs. Ensure PAM Enforces Password Requirements - Minimum Digit Characters Ubuntu 22.04 The password dcredit should meet minimum requirements Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words Ubuntu 22.04 The password dictcheck should meet minimum requirements Ensure PAM Enforces Password Requirements - Minimum Different Characters Ubuntu 22.04 The password difok should meet minimum requirements Ensure PAM Enforces Password Requirements - Enforce for Local Accounts Only Ubuntu 22.04 Check presence of local_users_only in /etc/security/pwquality.conf Ensure PAM Enforces Password Requirements - Enforcing Ubuntu 22.04 Check presence of enforcing = 1 in /etc/security/pwquality.conf Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters Ubuntu 22.04 The password lcredit should meet minimum requirements Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class Ubuntu 22.04 The password maxclassrepeat should meet minimum requirements Set Password Maximum Consecutive Repeating Characters Ubuntu 22.04 The password maxrepeat should meet minimum requirements Limit the maximum number of sequential characters in passwords Ubuntu 22.04 The password maxsequence should meet minimum requirements Ensure PAM Enforces Password Requirements - Minimum Different Categories Ubuntu 22.04 The password minclass should meet minimum requirements Ensure PAM Enforces Password Requirements - Minimum Length Ubuntu 22.04 The password minlen should meet minimum requirements Ensure PAM Enforces Password Requirements - Minimum Special Characters Ubuntu 22.04 The password ocredit should meet minimum requirements Ensure Password History Is Enforced for the Root User Ubuntu 22.04 Check presence of enforce_for_root in /etc/security/pwhistory.conf Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session in /etc/security/pwquality.conf Ubuntu 22.04 The password retry should meet minimum requirements Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters Ubuntu 22.04 The password ucredit should meet minimum requirements Enforce Delay After Failed Logon Attempts Ubuntu 22.04 Configure PAM module Lock Accounts After Failed Password Attempts Ubuntu 22.04 Lockout account after failed login attempts. Set Interval For Counting Failed Password Attempts Ubuntu 22.04 The number of allowed failed logins should be set correctly. Set Root Lockout Time for Failed Password Attempts Ubuntu 22.04 The unlock time after number of failed logins should be set correctly. Set Lockout Time for Failed Password Attempts Ubuntu 22.04 The unlock time after number of failed logins should be set correctly. SLEM 5 must use the default pam_tally2 tally directory. Ubuntu 22.04 Configure PAM module Configure AIDE To Notify Personnel if Baseline Configurations Are Altered Ubuntu 22.04 Ensure 'SILENTREPORTS' is configured with value 'no' in /etc/default/aide Ensure AppArmor is Active and Configured Ubuntu 22.04 The apparmor service should be enabled if possible. Configure auditing of unsuccessful file accesses Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-3-access-failed.rules Configure auditing of unsuccessful file accesses (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-3-access-failed.rules Configure auditing of unsuccessful file accesses (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-3-access-failed.rules Configure auditing of successful file accesses Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-3-access-success.rules Configure auditing of successful file accesses (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-3-access-success.rules Configure auditing of successful file accesses (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-3-access-success.rules Configure basic parameters of Audit system Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/10-base-config.rules Configure auditing of unsuccessful file creations Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-1-create-failed.rules Configure auditing of unsuccessful file creations (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-1-create-failed.rules Configure auditing of unsuccessful file creations (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-1-create-failed.rules Configure auditing of successful file creations Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-1-create-success.rules Configure auditing of successful file creations (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-1-create-success.rules Configure auditing of successful file creations (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-1-create-success.rules Configure auditing of unsuccessful file deletions Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-4-delete-failed.rules Configure auditing of unsuccessful file deletions (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-4-delete-failed.rules Configure auditing of unsuccessful file deletions (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-4-delete-failed.rules Configure auditing of successful file deletions Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-4-delete-success.rules Configure auditing of successful file deletions (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-4-delete-success.rules Configure auditing of successful file deletions (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-4-delete-success.rules Configure immutable Audit login UIDs Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/11-loginuid.rules Configure auditing of unsuccessful file modifications Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-2-modify-failed.rules Configure auditing of unsuccessful file modifications (AARch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-2-modify-failed.rules Configure auditing of unsuccessful file modifications (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-2-modify-failed.rules Configure auditing of successful file modifications Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-2-modify-success.rules Configure auditing of successful file modifications (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-2-modify-success.rules Configure auditing of successful file modifications (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-2-modify-success.rules Configure auditing of loading and unloading of kernel modules Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/43-module-load.rules Configure auditing of loading and unloading of kernel modules (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/43-module-load.rules Perform general configuration of Audit for OSPP Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42.rules Perform general configuration of Audit for OSPP (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42.rules Perform general configuration of Audit for OSPP (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42.rules Configure auditing of unsuccessful ownership changes Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-6-owner-change-failed.rules Configure auditing of unsuccessful ownership changes (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-6-owner-change-failed.rules Configure auditing of unsuccessful ownership changes (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-6-owner-change-failed.rules Configure auditing of successful ownership changes Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-6-owner-change-success.rules Configure auditing of successful ownership changes (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-6-owner-change-success.rules Configure auditing of successful ownership changes (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-6-owner-change-success.rules Configure auditing of unsuccessful permission changes Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-5-perm-change-failed.rules Configure auditing of unsuccessful permission changes (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-5-perm-change-failed.rules Configure auditing of unsuccessful permission changes (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-5-perm-change-failed.rules Configure auditing of successful permission changes Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-5-perm-change-success.rules Configure auditing of successful permission changes (AArch64) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-5-perm-change-success.rules Configure auditing of successful permission changes (ppc64le) Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/30-ospp-v42-5-perm-change-success.rules Ensure auditd Collects Information on the Use of Privileged Commands - init Ubuntu 22.04 Audit rules about the information on the use of init is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - poweroff Ubuntu 22.04 Audit rules about the information on the use of poweroff is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - reboot Ubuntu 22.04 Audit rules about the information on the use of reboot is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - shutdown Ubuntu 22.04 Audit rules about the information on the use of shutdown is enabled. Record Events that Modify the System's Discretionary Access Controls - chmod Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - chown Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - fchmod Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - fchmodat Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - fchmodat2 Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - fchown Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - fchownat Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - fremovexattr Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - fsetxattr Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - lchown Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - lremovexattr Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - lsetxattr Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - removexattr Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - setxattr Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Discretionary Access Controls - umount2 Ubuntu 22.04 The changing of file permissions and attributes should be audited. Ensure auditd Collects Changes to Cron Jobs - /etc/cron.d/ Ubuntu 22.04 Check if actions on '/etc/cron.d/' are configured to be audited Record Events that Modify User/Group Information via open syscall - /etc/group Ubuntu 22.04 Audit rules about the write events to /etc/group Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group Ubuntu 22.04 Audit rules about the write events to /etc/group Record Events that Modify User/Group Information via openat syscall - /etc/group Ubuntu 22.04 Audit rules about the write events to /etc/group Record Events that Modify User/Group Information via open syscall - /etc/gshadow Ubuntu 22.04 Audit rules about the write events to /etc/gshadow Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow Ubuntu 22.04 Audit rules about the write events to /etc/gshadow Record Events that Modify User/Group Information via openat syscall - /etc/gshadow Ubuntu 22.04 Audit rules about the write events to /etc/gshadow Record Events that Modify User/Group Information via open syscall - /etc/passwd Ubuntu 22.04 Audit rules about the write events to /etc/passwd Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd Ubuntu 22.04 Audit rules about the write events to /etc/passwd Record Events that Modify User/Group Information via openat syscall - /etc/passwd Ubuntu 22.04 Audit rules about the write events to /etc/passwd Record Events that Modify User/Group Information via open syscall - /etc/shadow Ubuntu 22.04 Audit rules about the write events to /etc/shadow Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow Ubuntu 22.04 Audit rules about the write events to /etc/shadow Record Events that Modify User/Group Information via openat syscall - /etc/shadow Ubuntu 22.04 Audit rules about the write events to /etc/shadow Record Any Attempts to Run chacl Ubuntu 22.04 Audit rules about the information on the use of chacl is enabled. Record Any Attempts to Run chcon Ubuntu 22.04 Audit rules about the information on the use of chcon is enabled. Record Any Attempts to Run chmod Ubuntu 22.04 Audit rules about the information on the use of chmod is enabled. Record Any Attempts to Run restorecon Ubuntu 22.04 Audit rules about the information on the use of restorecon is enabled. Record Any Attempts to Run rm Ubuntu 22.04 Audit rules about the information on the use of rm is enabled. Record Any Attempts to Run semanage Ubuntu 22.04 Audit rules about the information on the use of semanage is enabled. Record Any Attempts to Run setfacl Ubuntu 22.04 Audit rules about the information on the use of setfacl is enabled. Record Any Attempts to Run setfiles Ubuntu 22.04 Audit rules about the information on the use of setfiles is enabled. Record Any Attempts to Run setsebool Ubuntu 22.04 Audit rules about the information on the use of setsebool is enabled. Record Any Attempts to Run seunshare Ubuntu 22.04 Audit rules about the information on the use of seunshare is enabled. Ensure auditd Collects File Deletion Events by User - rename Ubuntu 22.04 The deletion of files should be audited. Ensure auditd Collects File Deletion Events by User - renameat Ubuntu 22.04 The deletion of files should be audited. Ensure auditd Collects File Deletion Events by User - renameat2 Ubuntu 22.04 The deletion of files should be audited. Ensure auditd Collects File Deletion Events by User - rmdir Ubuntu 22.04 The deletion of files should be audited. Ensure auditd Collects File Deletion Events by User - unlink Ubuntu 22.04 The deletion of files should be audited. Ensure auditd Collects File Deletion Events by User - unlinkat Ubuntu 22.04 The deletion of files should be audited. Ensure auditd Collects Information on Kernel Module Unloading - create_module Ubuntu 22.04 The audit rules should be configured to log information about kernel module loading and unloading. Ensure auditd Collects Information on Kernel Module Unloading - delete_module Ubuntu 22.04 The audit rules should be configured to log information about kernel module loading and unloading. Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module Ubuntu 22.04 The audit rules should be configured to log information about kernel module loading and unloading. Ensure auditd Collects Information on Kernel Module Loading - init_module Ubuntu 22.04 The audit rules should be configured to log information about kernel module loading and unloading. Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module Ubuntu 22.04 The audit rules should be configured to log information about kernel module loading and unloading. Record Attempts to Alter Logon and Logout Events - faillock Ubuntu 22.04 Check if actions on path specified in the 'var_accounts_passwords_pam_faillock_dir' variable are configured to be audited Record Attempts to Alter Logon and Logout Events - faillog Ubuntu 22.04 Check if actions on '/var/log/faillog' are configured to be audited Record Attempts to Alter Logon and Logout Events - lastlog Ubuntu 22.04 Check if actions on '/var/log/lastlog' are configured to be audited Record Attempts to Alter Logon and Logout Events - tallylog Ubuntu 22.04 Check if actions on '/var/log/tallylog' are configured to be audited Record Events that Modify the System's Mandatory Access Controls (/etc/apparmor) Ubuntu 22.04 Check if actions on '/etc/apparmor' are configured to be audited Record Events that Modify the System's Mandatory Access Controls (/etc/apparmor.d) Ubuntu 22.04 Check if actions on '/etc/apparmor.d' are configured to be audited Record Events that Modify the System's Mandatory Access Controls (/etc/selinux) Ubuntu 22.04 Check if actions on '/etc/selinux/' are configured to be audited Record Events that Modify the System's Mandatory Access Controls in usr/share Ubuntu 22.04 Check if actions on '/usr/share/selinux/' are configured to be audited Ensure auditd Collects Information on Exporting to Media (successful) Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Network Environment - /etc/hosts Ubuntu 22.04 Check if actions on '/etc/hosts' are configured to be audited Record Events that Modify the System's Network Environment - /etc/issue Ubuntu 22.04 Check if actions on '/etc/issue' are configured to be audited Record Events that Modify the System's Network Environment - /etc/issue.net Ubuntu 22.04 Check if actions on '/etc/issue.net' are configured to be audited Record Events that Modify the System's Network Environment - /etc/NetworkManager/system-connections/ Ubuntu 22.04 Check if actions on '/etc/NetworkManager/system-connections/' are configured to be audited Record Events that Modify the System's Network Environment - /etc/sysconfig/network Ubuntu 22.04 Check if actions on '/etc/sysconfig/network' are configured to be audited Record Events that Modify the System's Network Environment - /etc/hostname Ubuntu 22.04 Check if actions on '/etc/hostname' are configured to be audited Record Events that Modify the System's Network Environment - /etc/sysconfig/network-scripts Ubuntu 22.04 Check if actions on '/etc/sysconfig/network-scripts' are configured to be audited Record Events that Modify the System's Network Environment - /etc/NetworkManager/ Ubuntu 22.04 Check if actions on '/etc/NetworkManager' are configured to be audited Record Events that Modify the System's Network Environment - setdomainname Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Events that Modify the System's Network Environment - sethostname Ubuntu 22.04 The changing of file permissions and attributes should be audited. Record Any Attempts to Run apparmor_parser Ubuntu 22.04 Audit rules about the information on the use of apparmor_parser is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - at Ubuntu 22.04 Audit rules about the information on the use of at is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - chage Ubuntu 22.04 Audit rules about the information on the use of chage is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - chfn Ubuntu 22.04 Audit rules about the information on the use of chfn is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - chsh Ubuntu 22.04 Audit rules about the information on the use of chsh is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - crontab Ubuntu 22.04 Audit rules about the information on the use of crontab is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - dbus helper Ubuntu 22.04 Audit rules about the information on the use of dbus_daemon_launch_helper_1 is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - fusermount Ubuntu 22.04 Audit rules about the information on the use of fusermount is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - fusermount3 Ubuntu 22.04 Audit rules about the information on the use of fusermount3 is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd Ubuntu 22.04 Audit rules about the information on the use of gpasswd is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - grub2_set_bootflag Ubuntu 22.04 Audit rules about the information on the use of grub2_set_bootflag is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - mount Ubuntu 22.04 Audit rules about the information on the use of mount is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - mount.nfs Ubuntu 22.04 Audit rules about the information on the use of mount_nfs is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap Ubuntu 22.04 Audit rules about the information on the use of newgidmap is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - newgrp Ubuntu 22.04 Audit rules about the information on the use of newgrp is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap Ubuntu 22.04 Audit rules about the information on the use of newuidmap is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check Ubuntu 22.04 Audit rules about the information on the use of pam_timestamp_check is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - passmass Ubuntu 22.04 Audit rules about the information on the use of passmass is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - passwd Ubuntu 22.04 Audit rules about the information on the use of passwd is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - pkexec Ubuntu 22.04 Audit rules about the information on the use of pkexec is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - polkit helper Ubuntu 22.04 Audit rules about the information on the use of polkit_agent_helper_1 is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - postdrop Ubuntu 22.04 Audit rules about the information on the use of postdrop is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - postqueue Ubuntu 22.04 Audit rules about the information on the use of postqueue is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown Ubuntu 22.04 Audit rules about the information on the use of pt_chown is enabled. Record Any Attempts to Run ssh-agent Ubuntu 22.04 Audit rules about the information on the use of ssh_agent is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign Ubuntu 22.04 Audit rules about the information on the use of ssh_keysign is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - sssd_krb5_child Ubuntu 22.04 Audit rules about the information on the use of krb5_child is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - sssd_ldap_child Ubuntu 22.04 Audit rules about the information on the use of ldap_child is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - sssd_proxy_child Ubuntu 22.04 Audit rules about the information on the use of proxy_child is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - sssd_selinux_child Ubuntu 22.04 Audit rules about the information on the use of selinux_child is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - su Ubuntu 22.04 Audit rules about the information on the use of su is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - sudo Ubuntu 22.04 Audit rules about the information on the use of sudo is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit Ubuntu 22.04 Audit rules about the information on the use of sudoedit is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - umount Ubuntu 22.04 Audit rules about the information on the use of umount is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd Ubuntu 22.04 Audit rules about the information on the use of unix2_chkpwd is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd Ubuntu 22.04 Audit rules about the information on the use of unix_chkpwd is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - unix_update Ubuntu 22.04 Audit rules about the information on the use of unix_update is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - userhelper Ubuntu 22.04 Audit rules about the information on the use of userhelper is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - usermod Ubuntu 22.04 Audit rules about the information on the use of usermod is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl Ubuntu 22.04 Audit rules about the information on the use of usernetctl is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - utempter Ubuntu 22.04 Audit rules about the information on the use of utempter is enabled. Ensure auditd Collects Information on the Use of Privileged Commands - write Ubuntu 22.04 Audit rules about the information on the use of write is enabled. Record Attempts to Alter Process and Session Initiation Information btmp Ubuntu 22.04 Check if actions on '/var/log/btmp' are configured to be audited Record Attempts to Alter Process and Session Initiation Information utmp Ubuntu 22.04 Check if actions on '/var/run/utmp' are configured to be audited Record Attempts to Alter Process and Session Initiation Information wtmp Ubuntu 22.04 Check if actions on '/var/log/wtmp' are configured to be audited Ensure auditd Collects System Administrator Actions - /etc/sudoers Ubuntu 22.04 Check if actions on '/etc/sudoers' are configured to be audited Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/ Ubuntu 22.04 Check if actions on '/etc/sudoers.d/' are configured to be audited Record Attempts to Alter the localtime File Ubuntu 22.04 Check if actions on '/etc/localtime' are configured to be audited Record Unsuccessful Permission Changes to Files - chmod Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Ownership Changes to Files - chown Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Access Attempts to Files - creat Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Permission Changes to Files - fchmod Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Permission Changes to Files - fchmodat Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Ownership Changes to Files - fchown Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Ownership Changes to Files - fchownat Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Permission Changes to Files - fremovexattr Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Permission Changes to Files - fsetxattr Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Access Attempts to Files - ftruncate Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Ownership Changes to Files - lchown Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Permission Changes to Files - lremovexattr Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Permission Changes to Files - lsetxattr Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Access Attempts to Files - open Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Access Attempts to Files - open_by_handle_at Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT Ubuntu 22.04 Audit rules about the information on the unsuccessful use of open_by_handle_at O_CREAT is enabled. Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE Ubuntu 22.04 Audit rules about the information on the unsuccessful use of open_by_handle_at O_TRUNC is enabled. Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly Ubuntu 22.04 Audit rules about the information on the unsuccessful use of open_by_handle_at is configured in the proper rule order. Record Unsuccessful Creation Attempts to Files - open O_CREAT Ubuntu 22.04 Audit rules about the information on the unsuccessful use of open O_CREAT is enabled. Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE Ubuntu 22.04 Audit rules about the information on the unsuccessful use of open O_TRUNC is enabled. Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly Ubuntu 22.04 Audit rules about the information on the unsuccessful use of open is configured in the proper rule order. Record Unsuccessful Access Attempts to Files - openat Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Creation Attempts to Files - openat O_CREAT Ubuntu 22.04 Audit rules about the information on the unsuccessful use of openat O_CREAT is enabled. Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE Ubuntu 22.04 Audit rules about the information on the unsuccessful use of openat O_TRUNC is enabled. Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly Ubuntu 22.04 Audit rules about the information on the unsuccessful use of openat is configured in the proper rule order. Record Unsuccessful Permission Changes to Files - removexattr Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Delete Attempts to Files - rename Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Delete Attempts to Files - renameat Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Delete Attempts to Files - renameat2 Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Permission Changes to Files - setxattr Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Access Attempts to Files - truncate Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Delete Attempts to Files - unlink Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Unsuccessful Delete Attempts to Files - unlinkat Ubuntu 22.04 Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled. Record Events that Modify User/Group Information - /etc/group Ubuntu 22.04 Check if actions on '/etc/group' are configured to be audited Record Events that Modify User/Group Information - /etc/gshadow Ubuntu 22.04 Check if actions on '/etc/gshadow' are configured to be audited Record Events that Modify User/Group Information - /etc/nsswitch.conf Ubuntu 22.04 Check if actions on '/etc/nsswitch.conf' are configured to be audited Record Events that Modify User/Group Information - /etc/security/opasswd Ubuntu 22.04 Check if actions on '/etc/security/opasswd' are configured to be audited Record Events that Modify User/Group Information - /etc/pam.conf Ubuntu 22.04 Check if actions on '/etc/pam.conf' are configured to be audited Record Events that Modify User/Group Information - /etc/pam.d/ Ubuntu 22.04 Check if actions on '/etc/pam.d/' are configured to be audited Record Events that Modify User/Group Information - /etc/passwd Ubuntu 22.04 Check if actions on '/etc/passwd' are configured to be audited Record Events that Modify User/Group Information - /etc/shadow Ubuntu 22.04 Check if actions on '/etc/shadow' are configured to be audited Ensure auditd Collects records for events that affect "/var/log/journal" Ubuntu 22.04 Check if actions on '/var/log/journal/' are configured to be audited Ensure auditd Collects Changes to Cron Jobs - /var/spool/cron Ubuntu 22.04 Check if actions on '/var/spool/cron' are configured to be audited Record Attempts to perform maintenance activities Ubuntu 22.04 Check if actions on '/var/log/sudo.log' are configured to be audited Configure auditd to use audispd's remote logging daemon Ubuntu 22.04 Ensure 'active' is configured with value 'yes' in /etc/audit/plugins.d/au-remote.conf Ensure the audispd's remote logging daemon direction is correct Ubuntu 22.04 Ensure 'direction' is configured with value 'out' in /etc/audit/plugins.d/au-remote.conf Ensure the audispd's remote logging daemon executable is correct Ubuntu 22.04 Ensure 'path' is configured with value '/sbin/audisp-remote' in /etc/audit/plugins.d/au-remote.conf Ensure the audispd's remote logging daemon type is correct Ubuntu 22.04 Ensure 'type' is configured with value 'always' in /etc/audit/plugins.d/au-remote.conf Set number of records to cause an explicit flush to audit logs Ubuntu 22.04 Ensure 'freq' is configured with value configured through XCCDF variable var_auditd_freq' in /etc/audit/auditd.conf Include Local Events in Audit Logs Ubuntu 22.04 Ensure 'local_events' is configured with value 'yes' in /etc/audit/auditd.conf Resolve information before writing to audit logs Ubuntu 22.04 Ensure 'log_format' is configured with value 'ENRICHED' in /etc/audit/auditd.conf Write Audit Logs to the Disk Ubuntu 22.04 Ensure 'write_logs' is configured with value 'yes' in /etc/audit/auditd.conf Ensure Local Login Warning Banner Is Configured Properly Ubuntu 22.04 Check that /etc/issue does not contain OS and version information Ensure Remote Login Warning Banner Is Configured Properly Ubuntu 22.04 Check that /etc/issue.net does not contain OS and version information Ensure Message Of The Day Is Configured Properly Ubuntu 22.04 Check that /etc/motd does not contain OS and version information Synchronize internal information system clocks Ubuntu 22.04 Ensure 'makestep' is configured with value '1 -1' in /etc/chrony/chrony.conf Implement Custom Crypto Policy Modules for CIS Benchmark Ubuntu 22.04 Ensure that the custom crypto policy module is configured Log USBGuard daemon audit events using Linux Audit Ubuntu 22.04 Ensure 'AuditBackend' is configured with value 'LinuxAudit' in /etc/usbguard/usbguard-daemon.conf Disable core dump backtraces Ubuntu 22.04 Ensure 'ProcessSizeMax' is configured with value '0' in section 'Coredump' in /etc/systemd/coredump.conf Disable storing core dump Ubuntu 22.04 Ensure 'Storage' is configured with value 'none' in section 'Coredump' in /etc/systemd/coredump.conf Extend Audit Backlog Limit for the Audit Daemon Ubuntu 22.04 Ensure audit_backlog_limit=8192 argument is present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline. Enable Auditing for Processes Which Start Prior to the Audit Daemon Ubuntu 22.04 Ensure audit=1 argument is present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline. Verify that Interactive Boot is Disabled Ubuntu 22.04 Ensure systemd.confirm_spawn=(?:1|yes|true|on) argument is not present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline. Ensure SELinux Not Disabled in the kernel arguments Ubuntu 22.04 Ensure selinux=0 argument is not present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline. Disable Kernel Support for USB via Bootloader Configuration Ubuntu 22.04 Ensure nousb argument is present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline. Enable page allocator poisoning Ubuntu 22.04 Ensure page_poison=1 argument is present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline. Enable Kernel Page-Table Isolation (KPTI) Ubuntu 22.04 Ensure pti=on argument is present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline. Enable SLUB/SLAB allocator poisoning Ubuntu 22.04 Ensure slub_debug=P argument is present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline. Disable vsyscalls Ubuntu 22.04 Ensure vsyscall=none argument is present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline. Set Password Strength Minimum Digit Characters Ubuntu 22.04 Configure PAM module Set Password Strength Minimum Different Characters Ubuntu 22.04 Configure PAM module Set Password Strength Minimum Lowercase Characters Ubuntu 22.04 Configure PAM module Set Password Minimum Length Ubuntu 22.04 Configure PAM module Set Password Strength Minimum Special Characters Ubuntu 22.04 Configure PAM module Set Password Retry Limit Ubuntu 22.04 Configure PAM module Set Password Strength Minimum Uppercase Characters Ubuntu 22.04 Configure PAM module Disable User Administration in GNOME3 Ubuntu 22.04 Ensure 'user-administration-disabled' is configured with value 'true in section 'org/gnome/desktop/lockdown' in /etc/dconf/db/local.d/ Enable the GNOME3 Screen Locking On Smartcard Removal Ubuntu 22.04 Ensure 'removal-action' is configured with value ''lock-screen' in section 'org/gnome/settings-daemon/peripherals/smartcard' in /etc/dconf/db/local.d/ Verify that Shared Library Directories Have Root Group Ownership Ubuntu 22.04 This test makes sure that /lib/, /lib64/, /usr/lib/, /usr/lib64/ is group owned by 0. Verify group-owner of system journal directories Ubuntu 22.04 This test makes sure that /run/log/journal/, /var/log/journal/ is group owned by systemd-journal. Verify that system commands directories are group owned by root Ubuntu 22.04 This test makes sure that /bin/, /sbin/, /usr/bin/, /usr/sbin/, /usr/local/bin/, /usr/local/sbin/ is group owned by 0. Verify owner of system journal directories Ubuntu 22.04 This test makes sure that /run/log/journal/, /var/log/journal/ is owned by 0. Verify that System Executable Have Root Ownership Ubuntu 22.04 This test makes sure that /bin/, /sbin/, /usr/bin/, /usr/sbin/, /usr/local/bin/, /usr/local/sbin/ is owned by 0. Verify that Shared Library Directories Have Root Ownership Ubuntu 22.04 This test makes sure that /lib/, /lib64/, /usr/lib/, /usr/lib64/ is owned by 0. Verify that System Executable Directories Have Restrictive Permissions Ubuntu 22.04 This test makes sure that /bin/, /sbin/, /usr/bin/, /usr/sbin/, /usr/local/bin/, /usr/local/sbin/ has mode 0755. If the target file or directory has an extended ACL, then it will fail the mode check. Verify that Shared Library Directories Have Restrictive Permissions Ubuntu 22.04 This test makes sure that /lib/, /lib64/, /usr/lib/, /usr/lib64/ has mode 7755. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on the system journal directories Ubuntu 22.04 This test makes sure that /run/log/journal/, /var/log/journal/ has mode 2750. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Group Who Owns /etc/ipsec.d Directory Ubuntu 22.04 This test makes sure that /etc/ipsec.d/ is group owned by root. Verify Group Who Owns /etc/iptables Directory Ubuntu 22.04 This test makes sure that /etc/iptables/ is group owned by root. Verify Group Who Owns /etc/nftables Directory Ubuntu 22.04 This test makes sure that /etc/nftables/ is group owned by root. Verify Group Who Owns /etc/selinux Directory Ubuntu 22.04 This test makes sure that /etc/selinux/ is group owned by root. Verify Group Who Owns /etc/sudoers.d Directory Ubuntu 22.04 This test makes sure that /etc/sudoers.d/ is group owned by root. Verify Group Who Owns /etc/sysctl.d Directory Ubuntu 22.04 This test makes sure that /etc/sysctl.d/ is group owned by root. Verify Group Who Owns SSH Server Configuration Files Ubuntu 22.04 This test makes sure that /etc/ssh/sshd_config.d/ is group owned by 0. Verify User Who Owns /etc/ipsec.d Directory Ubuntu 22.04 This test makes sure that /etc/ipsec.d/ is owned by 0. Verify User Who Owns /etc/iptables Directory Ubuntu 22.04 This test makes sure that /etc/iptables/ is owned by 0. Verify User Who Owns /etc/nftables Directory Ubuntu 22.04 This test makes sure that /etc/nftables/ is owned by 0. Verify User Who Owns /etc/selinux Directory Ubuntu 22.04 This test makes sure that /etc/selinux/ is owned by 0. Verify User Who Owns /etc/sudoers.d Directory Ubuntu 22.04 This test makes sure that /etc/sudoers.d/ is owned by 0. Verify User Who Owns /etc/sysctl.d Directory Ubuntu 22.04 This test makes sure that /etc/sysctl.d/ is owned by 0. Verify Owner on SSH Server Configuration Files Ubuntu 22.04 This test makes sure that /etc/ssh/sshd_config.d/ is owned by 0. Verify Permissions On /etc/ipsec.d Directory Ubuntu 22.04 This test makes sure that /etc/ipsec.d/ has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/iptables Directory Ubuntu 22.04 This test makes sure that /etc/iptables/ has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/nftables Directory Ubuntu 22.04 This test makes sure that /etc/nftables/ has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/selinux Directory Ubuntu 22.04 This test makes sure that /etc/selinux/ has mode 0755. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/sudoers.d Directory Ubuntu 22.04 This test makes sure that /etc/sudoers.d/ has mode 0750. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/sysctl.d Directory Ubuntu 22.04 This test makes sure that /etc/sysctl.d/ has mode 0755. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on SSH Server Config File Ubuntu 22.04 This test makes sure that /etc/ssh/sshd_config.d/ has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Disable Host-Based Authentication Ubuntu 22.04 Ensure 'HostbasedAuthentication' is configured with value 'no' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Ensure that /etc/at.allow exists Ubuntu 22.04 This test makes sure that/etc/at.allow does exist. Ensure that /etc/at.deny does not exist Ubuntu 22.04 This test makes sure that/etc/at.deny does not exist. Audit Tools Must Be Group-owned by Root Ubuntu 22.04 This test makes sure that /sbin/auditctl, /sbin/aureport, /sbin/ausearch, /sbin/autrace, /sbin/auditd, /sbin/rsyslogd, /sbin/augenrules is group owned by 0. Audit Tools Must Be Owned by Root Ubuntu 22.04 This test makes sure that /sbin/auditctl, /sbin/aureport, /sbin/ausearch, /sbin/autrace, /sbin/auditd, /sbin/rsyslogd, /sbin/augenrules is owned by 0. Audit Tools Must Have a Mode of 0755 or Less Permissive Ubuntu 22.04 This test makes sure that /sbin/auditctl, /sbin/aureport, /sbin/ausearch, /sbin/autrace, /sbin/auditd, /sbin/rsyslogd, /sbin/augenrules has mode 0755. If the target file or directory has an extended ACL, then it will fail the mode check. Ensure that /etc/cron.allow exists Ubuntu 22.04 This test makes sure that/etc/cron.allow does exist. Ensure that /etc/cron.deny does not exist Ubuntu 22.04 This test makes sure that/etc/cron.deny does not exist. Verify Group Who Owns /etc/at.allow file Ubuntu 22.04 This test makes sure that /etc/at.allow is group owned by 0. Verify Group Who Owns /etc/at.deny file Ubuntu 22.04 This test makes sure that /etc/at.deny is group owned by 0. Verify Group Who Owns Backup group File Ubuntu 22.04 This test makes sure that /etc/group- is group owned by 0. Verify Group Who Owns Backup gshadow File Ubuntu 22.04 This test makes sure that /etc/gshadow- is group owned by 42. Verify Group Who Owns Backup passwd File Ubuntu 22.04 This test makes sure that /etc/passwd- is group owned by 0. Verify User Who Owns Backup shadow File Ubuntu 22.04 This test makes sure that /etc/shadow- is group owned by 42. Verify Group Who Owns /etc/cron.allow file Ubuntu 22.04 This test makes sure that /etc/cron.allow is group owned by crontab. Verify Group Who Owns cron.d Ubuntu 22.04 This test makes sure that /etc/cron.d/ is group owned by 0. Verify Group Who Owns cron.daily Ubuntu 22.04 This test makes sure that /etc/cron.daily/ is group owned by 0. Verify Group Who Owns cron.deny Ubuntu 22.04 This test makes sure that /etc/cron.deny is group owned by 0. Verify Group Who Owns cron.hourly Ubuntu 22.04 This test makes sure that /etc/cron.hourly/ is group owned by 0. Verify Group Who Owns cron.monthly Ubuntu 22.04 This test makes sure that /etc/cron.monthly/ is group owned by 0. Verify Group Who Owns cron.weekly Ubuntu 22.04 This test makes sure that /etc/cron.weekly/ is group owned by 0. Verify Group Who Owns cron.yearly Ubuntu 22.04 This test makes sure that /etc/cron.yearly/ is group owned by 0. Verify Group Who Owns Crontab Ubuntu 22.04 This test makes sure that /etc/crontab is group owned by 0. Verify the UEFI Boot Loader grub.cfg Group Ownership Ubuntu 22.04 This test makes sure that /boot/grub/grub.cfg is group owned by 0. Verify /boot/grub/user.cfg Group Ownership Ubuntu 22.04 This test makes sure that /boot/grub/user.cfg is group owned by 0. Verify Group Who Owns /etc/crypttab File Ubuntu 22.04 This test makes sure that /etc/crypttab is group owned by root. Verify Group Who Owns group File Ubuntu 22.04 This test makes sure that /etc/group is group owned by 0. Verify Group Who Owns gshadow File Ubuntu 22.04 This test makes sure that /etc/gshadow is group owned by 42. Verify Group Ownership of /etc/hosts.allow Ubuntu 22.04 This test makes sure that /etc/hosts.allow is group owned by 0. Verify Group Ownership of /etc/hosts.deny Ubuntu 22.04 This test makes sure that /etc/hosts.deny is group owned by 0. Verify Group Who Owns /etc/ipsec.conf File Ubuntu 22.04 This test makes sure that /etc/ipsec.conf is group owned by root. Verify Group Who Owns /etc/ipsec.secrets File Ubuntu 22.04 This test makes sure that /etc/ipsec.secrets is group owned by root. Verify Group Ownership of System Login Banner Ubuntu 22.04 This test makes sure that /etc/issue is group owned by 0. Verify Group Ownership of System Login Banner for Remote Connections Ubuntu 22.04 This test makes sure that /etc/issue.net is group owned by 0. Verify Group Ownership of Message of the Day Banner Ubuntu 22.04 This test makes sure that /etc/motd is group owned by 0. Verify Group Who Owns passwd File Ubuntu 22.04 This test makes sure that /etc/passwd is group owned by 0. Verify Group Who Owns /etc/security/opasswd File Ubuntu 22.04 This test makes sure that /etc/security/opasswd is group owned by 0. Verify Group Who Owns /etc/security/opasswd.old File Ubuntu 22.04 This test makes sure that /etc/security/opasswd.old is group owned by 0. Verify Group Who Owns /etc/sestatus.conf File Ubuntu 22.04 This test makes sure that /etc/sestatus.conf is group owned by root. Verify Group Who Owns shadow File Ubuntu 22.04 This test makes sure that /etc/shadow is group owned by 42. Verify Group Who Owns /etc/shells File Ubuntu 22.04 This test makes sure that /etc/shells is group owned by 0. Verify Group Who Owns /etc/sudoers File Ubuntu 22.04 This test makes sure that /etc/sudoers is group owned by root. Verify /boot/grub/grub.cfg Group Ownership Ubuntu 22.04 This test makes sure that /boot/grub/grub.cfg is group owned by 0. Verify Groupowner on the journalctl command Ubuntu 22.04 This test makes sure that /usr/bin/journalctl is group owned by 0. Verify Group Who Owns SSH Server config file Ubuntu 22.04 This test makes sure that /etc/ssh/sshd_config is group owned by 0. Verify Group Who Owns SSH Server Configuration Files Ubuntu 22.04 This test makes sure that /etc/ssh/sshd_config.d/ is group owned by 0. Verify Group Who Owns the system journal Ubuntu 22.04 This test makes sure that /run/log/journal/, /var/log/journal/ is group owned by systemd-journal. Verify Group Who Owns System.map Files Ubuntu 22.04 This test makes sure that /boot/ is group owned by root. Verify /boot/grub/user.cfg Group Ownership Ubuntu 22.04 This test makes sure that /boot/grub/user.cfg is group owned by 0. Verify Group Who Owns /var/log Directory Ubuntu 22.04 This test makes sure that /var/log/ is group owned by syslog. Verify Group Who Owns /var/log/auth.log File Ubuntu 22.04 This test makes sure that /var/log/auth.log is group owned by adm or root. Verify Group Who Owns /var/log/cloud-init.log* File Ubuntu 22.04 This test makes sure that /var/log/ is group owned by adm or root. Verify Group Who Owns /var/log/*.journal(~) File Ubuntu 22.04 This test makes sure that /var/log/ is group owned by systemd-journal or root. Verify Group Who Owns /var/log/lastlog File Ubuntu 22.04 This test makes sure that /var/log/ is group owned by utmp or root. Verify Group Who Owns /var/log/localmessages* File Ubuntu 22.04 This test makes sure that /var/log/ is group owned by adm or root. Verify Group Who Owns /var/log/messages File Ubuntu 22.04 This test makes sure that /var/log/messages is group owned by 0. Verify Group Who Owns /var/log/secure File Ubuntu 22.04 This test makes sure that /var/log/ is group owned by adm or root. Verify Group Who Owns /var/log/syslog File Ubuntu 22.04 This test makes sure that /var/log/syslog is group owned by 4. Verify Group Who Owns /var/log/waagent.log File Ubuntu 22.04 This test makes sure that /var/log/ is group owned by adm or root. Verify Group Who Owns /var/log/(b|w)tmp(.*|-*) File Ubuntu 22.04 This test makes sure that /var/log/ is group owned by utmp or root. Verify that audit tools are owned by group root Ubuntu 22.04 This test makes sure that /sbin/auditctl, /sbin/aureport, /sbin/ausearch, /sbin/autrace, /sbin/auditd, /sbin/augenrules is group owned by 0. Audit Configuration Files Must Be Owned By Group root Ubuntu 22.04 This test makes sure that /etc/audit/, /etc/audit/rules.d/ is group owned by 0. Verify Group Who Owns lastlog Command Ubuntu 22.04 This test makes sure that /usr/bin/lastlog is group owned by 0. Verify Group Ownership on SSH Server Private *_key Key Files Ubuntu 22.04 This test makes sure that /etc/ssh/ is group owned by 0. Verify Group Ownership on SSH Server Public *.pub Key Files Ubuntu 22.04 This test makes sure that /etc/ssh/ is group owned by 0. Verify Groupownership of Files in /var/log/apt Ubuntu 22.04 This test makes sure that /var/log/apt/ is group owned by adm or root. Verify Groupownership of Files in /var/log/gdm Ubuntu 22.04 This test makes sure that /var/log/gdm/ is group owned by gdm or root. Verify Groupownership of Files in /var/log/gdm3 Ubuntu 22.04 This test makes sure that /var/log/gdm3/ is group owned by gdm or gdm3 or root. Verify Groupownership of Files in /var/log/landscape Ubuntu 22.04 This test makes sure that /var/log/landscape/ is group owned by root or landscape. Verify Grouponwership of Files in /var/log/sssd Ubuntu 22.04 This test makes sure that /var/log/sssd/ is group owned by sssd or root. Verify User Who Owns /etc/at.allow file Ubuntu 22.04 This test makes sure that /etc/at.allow is owned by 0. Verify User Who Owns /etc/at.deny file Ubuntu 22.04 This test makes sure that /etc/at.deny is owned by 0. Verify User Who Owns Backup group File Ubuntu 22.04 This test makes sure that /etc/group- is owned by 0. Verify User Who Owns Backup gshadow File Ubuntu 22.04 This test makes sure that /etc/gshadow- is owned by 0. Verify User Who Owns Backup passwd File Ubuntu 22.04 This test makes sure that /etc/passwd- is owned by 0. Verify Group Who Owns Backup shadow File Ubuntu 22.04 This test makes sure that /etc/shadow- is owned by 0. Verify User Who Owns /etc/cron.allow file Ubuntu 22.04 This test makes sure that /etc/cron.allow is owned by 0. Verify Owner on cron.d Ubuntu 22.04 This test makes sure that /etc/cron.d/ is owned by 0. Verify Owner on cron.daily Ubuntu 22.04 This test makes sure that /etc/cron.daily/ is owned by 0. Verify Owner on cron.deny Ubuntu 22.04 This test makes sure that /etc/cron.deny is owned by 0. Verify Owner on cron.hourly Ubuntu 22.04 This test makes sure that /etc/cron.hourly/ is owned by 0. Verify Owner on cron.monthly Ubuntu 22.04 This test makes sure that /etc/cron.monthly/ is owned by 0. Verify Owner on cron.weekly Ubuntu 22.04 This test makes sure that /etc/cron.weekly/ is owned by 0. Verify Owner on cron.yearly Ubuntu 22.04 This test makes sure that /etc/cron.yearly/ is owned by 0. Verify Owner on crontab Ubuntu 22.04 This test makes sure that /etc/crontab is owned by 0. Verify the UEFI Boot Loader grub.cfg User Ownership Ubuntu 22.04 This test makes sure that /boot/grub/grub.cfg is owned by 0. Verify /boot/grub/user.cfg User Ownership Ubuntu 22.04 This test makes sure that /boot/grub/user.cfg is owned by 0. Verify User Who Owns /etc/chrony.keys File Ubuntu 22.04 This test makes sure that /etc/chrony.keys is owned by 0. Verify User Who Owns /etc/crypttab File Ubuntu 22.04 This test makes sure that /etc/crypttab is owned by 0. Verify User Who Owns group File Ubuntu 22.04 This test makes sure that /etc/group is owned by 0. Verify User Who Owns gshadow File Ubuntu 22.04 This test makes sure that /etc/gshadow is owned by 0. Verify Ownership of /etc/hosts.allow Ubuntu 22.04 This test makes sure that /etc/hosts.allow is owned by 0. Verify Ownership of /etc/hosts.deny Ubuntu 22.04 This test makes sure that /etc/hosts.deny is owned by 0. Verify User Who Owns /etc/ipsec.conf File Ubuntu 22.04 This test makes sure that /etc/ipsec.conf is owned by 0. Verify User Who Owns /etc/ipsec.secrets File Ubuntu 22.04 This test makes sure that /etc/ipsec.secrets is owned by 0. Verify ownership of System Login Banner Ubuntu 22.04 This test makes sure that /etc/issue is owned by 0. Verify ownership of System Login Banner for Remote Connections Ubuntu 22.04 This test makes sure that /etc/issue.net is owned by 0. Verify ownership of Message of the Day Banner Ubuntu 22.04 This test makes sure that /etc/motd is owned by 0. Verify User Who Owns passwd File Ubuntu 22.04 This test makes sure that /etc/passwd is owned by 0. Verify User Who Owns /etc/security/opasswd File Ubuntu 22.04 This test makes sure that /etc/security/opasswd is owned by 0. Verify User Who Owns /etc/security/opasswd.old File Ubuntu 22.04 This test makes sure that /etc/security/opasswd.old is owned by 0. Verify User Who Owns /etc/sestatus.conf File Ubuntu 22.04 This test makes sure that /etc/sestatus.conf is owned by 0. Verify User Who Owns shadow File Ubuntu 22.04 This test makes sure that /etc/shadow is owned by 0. Verify Who Owns /etc/shells File Ubuntu 22.04 This test makes sure that /etc/shells is owned by 0. Verify User Who Owns /etc/sudoers File Ubuntu 22.04 This test makes sure that /etc/sudoers is owned by 0. Verify /boot/grub/grub.cfg User Ownership Ubuntu 22.04 This test makes sure that /boot/grub/grub.cfg is owned by 0. Verify Owner on the journalctl Command Ubuntu 22.04 This test makes sure that /usr/bin/journalctl is owned by 0. Verify Owner on SSH Server config file Ubuntu 22.04 This test makes sure that /etc/ssh/sshd_config is owned by 0. Verify Owner on SSH Server Configuration Files Ubuntu 22.04 This test makes sure that /etc/ssh/sshd_config.d/ is owned by 0. Verify Owner on the system journal Ubuntu 22.04 This test makes sure that /run/log/journal/, /var/log/journal/ is owned by 0. Verify User Who Owns System.map Files Ubuntu 22.04 This test makes sure that /boot/ is owned by 0. Verify /boot/grub/user.cfg User Ownership Ubuntu 22.04 This test makes sure that /boot/grub/user.cfg is owned by 0. Verify User Who Owns /var/log Directory Ubuntu 22.04 This test makes sure that /var/log/ is owned by 0. Verify User Who Owns /var/log/auth.log File Ubuntu 22.04 This test makes sure that /var/log/auth.log is owned by syslog or root. Verify User Who Owns /var/log/cloud-init.log File Ubuntu 22.04 This test makes sure that /var/log/ is owned by syslog or root. Verify User Who Owns /var/log/*.journal(~) Files Ubuntu 22.04 This test makes sure that /var/log/ is owned by 0. Verify User Who Owns /var/log/lastlog File Ubuntu 22.04 This test makes sure that /var/log/ is owned by 0. Verify User Who Owns /var/log/localmessages File Ubuntu 22.04 This test makes sure that /var/log/ is owned by syslog or root. Verify User Who Owns /var/log/messages File Ubuntu 22.04 This test makes sure that /var/log/messages is owned by 0. Verify User Who Owns /var/log/secure File Ubuntu 22.04 This test makes sure that /var/log/ is owned by syslog or root. Verify User Who Owns /var/log/syslog File Ubuntu 22.04 This test makes sure that /var/log/syslog is owned by syslog. Verify User Who Owns /var/log/waagent.log File Ubuntu 22.04 This test makes sure that /var/log/ is owned by syslog or root. Verify User Who Owns /var/log/(b|w)tmp(.*|-*) File Ubuntu 22.04 This test makes sure that /var/log/ is owned by 0. Verify that audit tools are owned by root Ubuntu 22.04 This test makes sure that /sbin/auditctl, /sbin/aureport, /sbin/ausearch, /sbin/autrace, /sbin/auditd, /sbin/augenrules is owned by 0. Audit Configuration Files Must Be Owned By Root Ubuntu 22.04 This test makes sure that /etc/audit/, /etc/audit/rules.d/ is owned by 0. Verify Owner on lastlog Command Ubuntu 22.04 This test makes sure that /usr/bin/lastlog is owned by 0. Verify that Shared Library Files Have Root Ownership Ubuntu 22.04 This test makes sure that /lib/, /lib64/, /usr/lib/, /usr/lib64/ is owned by 0. Verify Ownership on SSH Server Private *_key Key Files Ubuntu 22.04 This test makes sure that /etc/ssh/ is owned by 0. Verify Ownership on SSH Server Public *.pub Key Files Ubuntu 22.04 This test makes sure that /etc/ssh/ is owned by 0. Verify Ownership of Files in /var/log/apt Ubuntu 22.04 This test makes sure that /var/log/apt/ is owned by 0. Verify Ownership of Files in /var/log/gdm Ubuntu 22.04 This test makes sure that /var/log/gdm/ is owned by 0. Verify Ownership of Files in /var/log/gdm3 Ubuntu 22.04 This test makes sure that /var/log/gdm3/ is owned by 0. Verify Ownership of Files in /var/log/landscape Ubuntu 22.04 This test makes sure that /var/log/landscape/ is owned by root or landscape. Verify Ownership of Files in /var/log/sssd Ubuntu 22.04 This test makes sure that /var/log/sssd/ is owned by sssd or root. Verify Permissions on /etc/at.allow file Ubuntu 22.04 This test makes sure that /etc/at.allow has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /etc/at.deny file Ubuntu 22.04 This test makes sure that /etc/at.deny has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify that audit tools Have Mode 0755 or less Ubuntu 22.04 This test makes sure that /sbin/auditctl, /sbin/aureport, /sbin/ausearch, /sbin/autrace, /sbin/auditd, /sbin/augenrules has mode 0755. If the target file or directory has an extended ACL, then it will fail the mode check. Audit Configuration Files Permissions are 640 or More Restrictive Ubuntu 22.04 This test makes sure that /etc/audit/, /etc/audit/rules.d/ has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on Backup group File Ubuntu 22.04 This test makes sure that /etc/group- has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on Backup gshadow File Ubuntu 22.04 This test makes sure that /etc/gshadow- has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on Backup passwd File Ubuntu 22.04 This test makes sure that /etc/passwd- has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on Backup shadow File Ubuntu 22.04 This test makes sure that /etc/shadow- has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /etc/cron.allow file Ubuntu 22.04 This test makes sure that /etc/cron.allow has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on cron.d Ubuntu 22.04 This test makes sure that /etc/cron.d/ has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on cron.daily Ubuntu 22.04 This test makes sure that /etc/cron.daily/ has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on cron.hourly Ubuntu 22.04 This test makes sure that /etc/cron.hourly/ has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on cron.monthly Ubuntu 22.04 This test makes sure that /etc/cron.monthly/ has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on cron.weekly Ubuntu 22.04 This test makes sure that /etc/cron.weekly/ has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on cron.yearly Ubuntu 22.04 This test makes sure that /etc/cron.yearly/ has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on crontab Ubuntu 22.04 This test makes sure that /etc/crontab has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify the UEFI Boot Loader grub.cfg Permissions Ubuntu 22.04 This test makes sure that /boot/grub/grub.cfg has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify /boot/grub/user.cfg Permissions Ubuntu 22.04 This test makes sure that /boot/grub/user.cfg has mode 0700. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /etc/audit/auditd.conf Ubuntu 22.04 This test makes sure that /etc/audit/auditd.conf has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /etc/audit/audit.rules Ubuntu 22.04 This test makes sure that /etc/audit/audit.rules has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /etc/audit/rules.d/*.rules Ubuntu 22.04 This test makes sure that /etc/audit/rules.d/ has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/chrony.keys File Ubuntu 22.04 This test makes sure that /etc/chrony.keys has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/crypttab File Ubuntu 22.04 This test makes sure that /etc/crypttab has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on group File Ubuntu 22.04 This test makes sure that /etc/group has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on gshadow File Ubuntu 22.04 This test makes sure that /etc/gshadow has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /etc/hosts.allow Ubuntu 22.04 This test makes sure that /etc/hosts.allow has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /etc/hosts.deny Ubuntu 22.04 This test makes sure that /etc/hosts.deny has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/ipsec.conf File Ubuntu 22.04 This test makes sure that /etc/ipsec.conf has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/ipsec.secrets File Ubuntu 22.04 This test makes sure that /etc/ipsec.secrets has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify permissions on System Login Banner Ubuntu 22.04 This test makes sure that /etc/issue has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify permissions on System Login Banner for Remote Connections Ubuntu 22.04 This test makes sure that /etc/issue.net has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify permissions on Message of the Day Banner Ubuntu 22.04 This test makes sure that /etc/motd has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on passwd File Ubuntu 22.04 This test makes sure that /etc/passwd has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /etc/security/opasswd File Ubuntu 22.04 This test makes sure that /etc/security/opasswd has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /etc/security/opasswd.old File Ubuntu 22.04 This test makes sure that /etc/security/opasswd.old has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/sestatus.conf File Ubuntu 22.04 This test makes sure that /etc/sestatus.conf has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on shadow File Ubuntu 22.04 This test makes sure that /etc/shadow has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /etc/shells File Ubuntu 22.04 This test makes sure that /etc/shells has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions On /etc/sudoers File Ubuntu 22.04 This test makes sure that /etc/sudoers has mode 0440. If the target file or directory has an extended ACL, then it will fail the mode check. Verify /boot/grub/grub.cfg Permissions Ubuntu 22.04 This test makes sure that /boot/grub/grub.cfg has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on the journal command Ubuntu 22.04 This test makes sure that /usr/bin/journalctl has mode 0740. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on lastlog Command Ubuntu 22.04 This test makes sure that /usr/bin/lastlog has mode 0750. If the target file or directory has an extended ACL, then it will fail the mode check. Verify that Shared Library Files Have Restrictive Permissions Ubuntu 22.04 This test makes sure that /lib/, /lib64/, /usr/lib/, /usr/lib64/ has mode 7755. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on SSH Server config file Ubuntu 22.04 This test makes sure that /etc/ssh/sshd_config has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on SSH Server Config File Ubuntu 22.04 This test makes sure that /etc/ssh/sshd_config.d/ has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on SSH Server Public *.pub Key Files Ubuntu 22.04 This test makes sure that /etc/ssh/ has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Ensure That the sudo Binary Has the Correct Permissions Ubuntu 22.04 This test makes sure that /usr/bin/sudo has mode 4110. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on the system journal Ubuntu 22.04 This test makes sure that /run/log/journal/, /var/log/journal/ has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on System.map Files Ubuntu 22.04 This test makes sure that /boot/ has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify /boot/grub/user.cfg Permissions Ubuntu 22.04 This test makes sure that /boot/grub/user.cfg has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /var/log Directory Ubuntu 22.04 This test makes sure that /var/log/ has mode 0755. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on files in the /var/log/apt/.* directory Ubuntu 22.04 This test makes sure that /var/log/apt/ has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /var/log/auth.log File Ubuntu 22.04 This test makes sure that /var/log/auth.log has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /var/log/cloud-init.log(.*) Files Ubuntu 22.04 This test makes sure that /var/log/ has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions of Files in /var/log/gdm Ubuntu 22.04 This test makes sure that /var/log/gdm/ has mode 0660. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions of Files in /var/log/gdm3 Ubuntu 22.04 This test makes sure that /var/log/gdm3/ has mode 0660. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /var/log/lastlog(.*) Files Ubuntu 22.04 This test makes sure that /var/log/ has mode 0664. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /var/log/localmessages(.*) Files Ubuntu 22.04 This test makes sure that /var/log/ has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /var/log/messages File Ubuntu 22.04 This test makes sure that /var/log/messages has mode 0600. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /var/log/secure File Ubuntu 22.04 This test makes sure that /var/log/secure has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions of Files in /var/log/sssd Ubuntu 22.04 This test makes sure that /var/log/sssd/ has mode 0660. If the target file or directory has an extended ACL, then it will fail the mode check. Verify permissions of log files Ubuntu 22.04 This test makes sure that /var/log/ has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /var/log/syslog File Ubuntu 22.04 This test makes sure that /var/log/syslog has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /var/log/waagent.log(.*) Files Ubuntu 22.04 This test makes sure that /var/log/ has mode 0644. If the target file or directory has an extended ACL, then it will fail the mode check. Verify Permissions on /var/log/wtmp(.*) Files Ubuntu 22.04 This test makes sure that /var/log/ has mode 0664. If the target file or directory has an extended ACL, then it will fail the mode check. The File /etc/ssh/sshd_config.d/50-redhat.conf Must Exist Ubuntu 22.04 This test makes sure that/etc/ssh/sshd_config.d/50-redhat.conf does exist. Configure Firewalld to Use the Nftables Backend Ubuntu 22.04 Ensure 'FirewallBackend' is configured with value 'nftables' in /etc/firewalld/firewalld.conf Enable Auditing for Processes Which Start Prior to the Audit Daemon Ubuntu 22.04 Ensure audit=1 is configured in the kernel line in /etc/default/grub. Extend Audit Backlog Limit for the Audit Daemon Ubuntu 22.04 Ensure audit_backlog_limit is configured in the kernel line in /etc/default/grub. IOMMU configuration directive Ubuntu 22.04 Ensure iommu=force is configured in the kernel line in /etc/default/grub. Configure kernel to zero out memory before allocation Ubuntu 22.04 Ensure init_on_alloc=1 is configured in the kernel line in /etc/default/grub. The system must booted with init_on_free=1 Ubuntu 22.04 Ensure init_on_free=1 is configured in the kernel line in /etc/default/grub. Ensure IPv6 is disabled through kernel boot parameter Ubuntu 22.04 Ensure ipv6.disable=1 is configured in the kernel line in /etc/default/grub. Configure L1 Terminal Fault mitigations Ubuntu 22.04 Ensure l1tf is configured in the kernel line in /etc/default/grub. Force kernel panic on uncorrected MCEs Ubuntu 22.04 Ensure mce=0 is configured in the kernel line in /etc/default/grub. Configure Microarchitectural Data Sampling mitigation Ubuntu 22.04 Ensure mds is configured in the kernel line in /etc/default/grub. System Must Avoid Meltdown and Spectre Exploit Vulnerabilities in Modern Processors Ubuntu 22.04 Ensure mitigations=off is not set in the kernel line in /etc/default/grub. Ensure SMAP is not disabled during boot Ubuntu 22.04 Ensure nosmap is not set in the kernel line in /etc/default/grub. Ensure SMEP is not disabled during boot Ubuntu 22.04 Ensure nosmep is not set in the kernel line in /etc/default/grub. Disable Kernel Support for USB via Bootloader Configuration Ubuntu 22.04 Ensure nousb is configured in the kernel line in /etc/default/grub. Enable randomization of the page allocator Ubuntu 22.04 Ensure page_alloc.shuffle=1 is configured in the kernel line in /etc/default/grub. Enable page allocator poisoning Ubuntu 22.04 Ensure page_poison=1 is configured in the kernel line in /etc/default/grub. Enable Kernel Page-Table Isolation (KPTI) Ubuntu 22.04 Ensure pti=on is configured in the kernel line in /etc/default/grub. Configure the confidence in TPM for entropy Ubuntu 22.04 Ensure rng_core.default_quality is configured in the kernel line in /etc/default/grub. Disable merging of slabs with similar size Ubuntu 22.04 Ensure slab_nomerge=yes is configured in the kernel line in /etc/default/grub. Enable SLUB/SLAB allocator poisoning Ubuntu 22.04 Ensure slub_debug is configured in the kernel line in /etc/default/grub. Configure Speculative Store Bypass Mitigation Ubuntu 22.04 Ensure spec_store_bypass_disable is configured in the kernel line in /etc/default/grub. Enforce Spectre v2 mitigation Ubuntu 22.04 Ensure spectre_v2=on is configured in the kernel line in /etc/default/grub. Ensure debug-shell service is not enabled during boot Ubuntu 22.04 Ensure systemd.debug-shell is not set in the kernel line in /etc/default/grub. Disable vsyscalls Ubuntu 22.04 Ensure vsyscall=none is configured in the kernel line in /etc/default/grub. Install Smart Card Packages For Multifactor Authentication Ubuntu 22.04 The DPKG package libpam-pkcs11 should be installed. Ensure journald is configured to compress large log files Ubuntu 22.04 Ensure 'Compress' is configured with value 'yes' in /etc/systemd/journald.conf Ensure journald ForwardToSyslog is disabled Ubuntu 22.04 Ensure 'ForwardToSyslog' is configured with value 'no' in /etc/systemd/journald.conf Ensure journald is configured to send logs to rsyslog Ubuntu 22.04 Ensure 'ForwardToSyslog' is configured with value 'yes' in /etc/systemd/journald.conf Ensure journald is configured to write log files to persistent disk Ubuntu 22.04 Ensure 'Storage' is configured with value 'persistent' in /etc/systemd/journald.conf Do not allow ACPI methods to be inserted/replaced at run time Ubuntu 22.04 The kernel CONFIG_ACPI_CUSTOM_METHOD should have value n Emulate Privileged Access Never (PAN) Ubuntu 22.04 The kernel CONFIG_ARM64_SW_TTBR0_PAN should have value y Disable kernel support for MISC binaries Ubuntu 22.04 The kernel CONFIG_BINFMT_MISC should have value n Enable support for BUG() Ubuntu 22.04 The kernel CONFIG_BUG should have value y Trigger a kernel BUG when data corruption is detected Ubuntu 22.04 The kernel CONFIG_BUG_ON_DATA_CORRUPTION should have value y Disable compatibility with brk() Ubuntu 22.04 The kernel CONFIG_COMPAT_BRK should have value n Disable the 32-bit vDSO Ubuntu 22.04 The kernel CONFIG_COMPAT_VDSO should have value n Enable checks on credential management Ubuntu 22.04 The kernel CONFIG_DEBUG_CREDENTIALS should have value y Disable kernel debugfs Ubuntu 22.04 The kernel CONFIG_DEBUG_FS should have value n Enable checks on linked list manipulation Ubuntu 22.04 The kernel CONFIG_DEBUG_LIST should have value y Enable checks on notifier call chains Ubuntu 22.04 The kernel CONFIG_DEBUG_NOTIFIERS should have value y Enable checks on scatter-gather (SG) table operations Ubuntu 22.04 The kernel CONFIG_DEBUG_SG should have value y Warn on W+X mappings found at boot Ubuntu 22.04 The kernel CONFIG_DEBUG_WX should have value y Disable /dev/kmem virtual device support Ubuntu 22.04 The kernel CONFIG_DEVKMEM should have value n Harden common str/mem functions against buffer overflows Ubuntu 22.04 The kernel CONFIG_FORTIFY_SOURCE should have value y Generate some entropy during boot and runtime Ubuntu 22.04 The kernel CONFIG_GCC_PLUGIN_LATENT_ENTROPY should have value y Randomize layout of sensitive kernel structures Ubuntu 22.04 The kernel CONFIG_GCC_PLUGIN_RANDSTRUCT should have value y Poison kernel stack before returning from syscalls Ubuntu 22.04 The kernel CONFIG_GCC_PLUGIN_STACKLEAK should have value y Force initialization of variables containing userspace addresses Ubuntu 22.04 The kernel CONFIG_GCC_PLUGIN_STRUCTLEAK should have value y zero-init everything passed by reference Ubuntu 22.04 The kernel CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL should have value y Harden memory copies between kernel and userspace Ubuntu 22.04 The kernel CONFIG_HARDENED_USERCOPY should have value y Do not allow usercopy whitelist violations to fallback to object size Ubuntu 22.04 The kernel CONFIG_HARDENED_USERCOPY_FALLBACK should have value n Disable hibernation Ubuntu 22.04 The kernel CONFIG_HIBERNATION should have value n Disable IA32 emulation Ubuntu 22.04 The kernel CONFIG_IA32_EMULATION should have value n Disable the IPv6 protocol Ubuntu 22.04 The kernel CONFIG_IPV6 should have value n Disable kexec system call Ubuntu 22.04 The kernel CONFIG_KEXEC should have value n Disable legacy (BSD) PTY support Ubuntu 22.04 The kernel CONFIG_LEGACY_PTYS should have value n Disable vsyscall emulation Ubuntu 22.04 The kernel CONFIG_LEGACY_VSYSCALL_EMULATE should have value n Disable vsyscall mapping Ubuntu 22.04 The kernel CONFIG_LEGACY_VSYSCALL_NONE should have value y Disable vsyscall emulate execution only Ubuntu 22.04 The kernel CONFIG_LEGACY_VSYSCALL_XONLY should have value n Disable the LDT (local descriptor table) Ubuntu 22.04 The kernel CONFIG_MODIFY_LDT_SYSCALL should have value n Enable module signature verification Ubuntu 22.04 The kernel CONFIG_MODULE_SIG should have value y Enable automatic signing of all modules Ubuntu 22.04 The kernel CONFIG_MODULE_SIG_ALL should have value y Require modules to be validly signed Ubuntu 22.04 The kernel CONFIG_MODULE_SIG_FORCE should have value y Specify the hash to use when signing modules Ubuntu 22.04 The kernel CONFIG_MODULE_SIG_HASH should have value according to var_kernel_config_module_sig_hash Specify module signing key to use Ubuntu 22.04 The kernel CONFIG_MODULE_SIG_KEY should have value according to var_kernel_config_module_sig_key Sign kernel modules with SHA-512 Ubuntu 22.04 The kernel CONFIG_MODULE_SIG_SHA512 should have value y Enable poison of pages after freeing Ubuntu 22.04 The kernel CONFIG_PAGE_POISONING should have value y Enable poison without sanity check Ubuntu 22.04 The kernel CONFIG_PAGE_POISONING_NO_SANITY should have value y Use zero for poisoning instead of debugging value Ubuntu 22.04 The kernel CONFIG_PAGE_POISONING_ZERO should have value y Remove the kernel mapping in user mode Ubuntu 22.04 The kernel CONFIG_PAGE_TABLE_ISOLATION should have value y Kernel panic oops Ubuntu 22.04 The kernel CONFIG_PANIC_ON_OOPS should have value y Kernel panic timeout Ubuntu 22.04 The kernel CONFIG_PANIC_TIMEOUT should have value according to var_kernel_config_panic_timeout Disable support for /proc/kkcore Ubuntu 22.04 The kernel CONFIG_PROC_KCORE should have value n Randomize the address of the kernel image (KASLR) Ubuntu 22.04 The kernel CONFIG_RANDOMIZE_BASE should have value y Randomize the kernel memory sections Ubuntu 22.04 The kernel CONFIG_RANDOMIZE_MEMORY should have value y Perform full reference count validation Ubuntu 22.04 The kernel CONFIG_REFCOUNT_FULL should have value y Avoid speculative indirect branches in kernel Ubuntu 22.04 The kernel CONFIG_RETPOLINE should have value y Detect stack corruption on calls to schedule() Ubuntu 22.04 The kernel CONFIG_SCHED_STACK_END_CHECK should have value y Enable seccomp to safely compute untrusted bytecode Ubuntu 22.04 The kernel CONFIG_SECCOMP should have value y Enable use of Berkeley Packet Filter with seccomp Ubuntu 22.04 The kernel CONFIG_SECCOMP_FILTER should have value y Enable different security models Ubuntu 22.04 The kernel CONFIG_SECURITY should have value y Restrict unprivileged access to the kernel syslog Ubuntu 22.04 The kernel CONFIG_SECURITY_DMESG_RESTRICT should have value y Disable mutable hooks Ubuntu 22.04 The kernel CONFIG_SECURITY_WRITABLE_HOOKS should have value n Enable Yama support Ubuntu 22.04 The kernel CONFIG_SECURITY_YAMA should have value y Harden slab freelist metadata Ubuntu 22.04 The kernel CONFIG_SLAB_FREELIST_HARDENED should have value y Randomize slab freelist Ubuntu 22.04 The kernel CONFIG_SLAB_FREELIST_RANDOM should have value y Disallow merge of slab caches Ubuntu 22.04 The kernel CONFIG_SLAB_MERGE_DEFAULT should have value n Enable SLUB debugging support Ubuntu 22.04 The kernel CONFIG_SLUB_DEBUG should have value y Stack Protector buffer overflow detection Ubuntu 22.04 The kernel CONFIG_STACKPROTECTOR should have value y Strong Stack Protector Ubuntu 22.04 The kernel CONFIG_STACKPROTECTOR_STRONG should have value y Make the kernel text and rodata read-only Ubuntu 22.04 The kernel CONFIG_STRICT_KERNEL_RWX should have value y Make the module text and rodata read-only Ubuntu 22.04 The kernel CONFIG_STRICT_MODULE_RWX should have value y Enable TCP/IP syncookie support Ubuntu 22.04 The kernel CONFIG_SYN_COOKIES should have value y Unmap kernel when running in userspace (aka KAISER) Ubuntu 22.04 The kernel CONFIG_UNMAP_KERNEL_AT_EL0 should have value y User a virtually-mapped stack Ubuntu 22.04 The kernel CONFIG_VMAP_STACK should have value y Disable x86 vsyscall emulation Ubuntu 22.04 The kernel CONFIG_X86_VSYSCALL_EMULATION should have value n Disable ATM Support Ubuntu 22.04 The kernel module atm should be disabled. Disable Bluetooth Kernel Module Ubuntu 22.04 The kernel module bluetooth should be disabled. Disable CAN Support Ubuntu 22.04 The kernel module can should be disabled. Disable Kernel cfg80211 Module Ubuntu 22.04 The kernel module cfg80211 should be disabled. Disable Mounting of cramfs Ubuntu 22.04 The kernel module cramfs should be disabled. Disable DCCP Support Ubuntu 22.04 The kernel module dccp should be disabled. Disable IEEE 1394 (FireWire) Support Ubuntu 22.04 The kernel module firewire-core should be disabled. Disable Mounting of freevxfs Ubuntu 22.04 The kernel module freevxfs should be disabled. Disable Mounting of hfs Ubuntu 22.04 The kernel module hfs should be disabled. Disable Mounting of hfsplus Ubuntu 22.04 The kernel module hfsplus should be disabled. Disable Kernel iwlmvm Module Ubuntu 22.04 The kernel module iwlmvm should be disabled. Disable Kernel iwlwifi Module Ubuntu 22.04 The kernel module iwlwifi should be disabled. Disable Mounting of jffs2 Ubuntu 22.04 The kernel module jffs2 should be disabled. Disable Kernel mac80211 Module Ubuntu 22.04 The kernel module mac80211 should be disabled. Ensure overlayfs kernel module is not available Ubuntu 22.04 The kernel module overlayfs should be disabled. Disable RDS Support Ubuntu 22.04 The kernel module rds should be disabled. Disable SCTP Support Ubuntu 22.04 The kernel module sctp should be disabled. Disable Mounting of squashfs Ubuntu 22.04 The kernel module squashfs should be disabled. Disable TIPC Support Ubuntu 22.04 The kernel module tipc should be disabled. Disable Mounting of udf Ubuntu 22.04 The kernel module udf should be disabled. Disable Modprobe Loading of USB Storage Driver Ubuntu 22.04 The kernel module usb-storage should be disabled. Disable the uvcvideo module Ubuntu 22.04 The kernel module uvcvideo should be disabled. Disable Mounting of vFAT filesystems Ubuntu 22.04 The kernel module vfat should be disabled. Add nosuid Option to /boot/efi Ubuntu 22.04 /boot/efi should be mounted with mount option nosuid. Add noauto Option to /boot Ubuntu 22.04 /boot should be mounted with mount option noauto. Add nodev Option to /boot Ubuntu 22.04 /boot should be mounted with mount option nodev. Add noexec Option to /boot Ubuntu 22.04 /boot should be mounted with mount option noexec. Add nosuid Option to /boot Ubuntu 22.04 /boot should be mounted with mount option nosuid. Add nodev Option to /dev/shm Ubuntu 22.04 /dev/shm should be mounted with mount option nodev. Add noexec Option to /dev/shm Ubuntu 22.04 /dev/shm should be mounted with mount option noexec. Add nosuid Option to /dev/shm Ubuntu 22.04 /dev/shm should be mounted with mount option nosuid. Add grpquota Option to /home Ubuntu 22.04 /home should be mounted with mount option grpquota. Add nodev Option to /home Ubuntu 22.04 /home should be mounted with mount option nodev. Add noexec Option to /home Ubuntu 22.04 /home should be mounted with mount option noexec. Add nosuid Option to /home Ubuntu 22.04 /home should be mounted with mount option nosuid. Add usrquota Option to /home Ubuntu 22.04 /home should be mounted with mount option usrquota. Mount Remote Filesystems with Kerberos Security Ubuntu 22.04 The sec_krb5_krb5i_krb5p option should be enabled for all NFS mounts in /etc/fstab. Mount Remote Filesystems with nodev Ubuntu 22.04 The nodev option should be enabled for all NFS mounts in /etc/fstab. Add nodev Option to Removable Media Partitions Ubuntu 22.04 The nodev option should be enabled for all removable devices mounts in /etc/fstab. Mount Remote Filesystems with noexec Ubuntu 22.04 The noexec option should be enabled for all NFS mounts in /etc/fstab. Add noexec Option to Removable Media Partitions Ubuntu 22.04 The noexec option should be enabled for all removable devices mounts in /etc/fstab. Mount Remote Filesystems with nosuid Ubuntu 22.04 The nosuid option should be enabled for all NFS mounts in /etc/fstab. Add nosuid Option to Removable Media Partitions Ubuntu 22.04 The nosuid option should be enabled for all removable devices mounts in /etc/fstab. Add nosuid Option to /opt Ubuntu 22.04 /opt should be mounted with mount option nosuid. Add hidepid Option to /proc Ubuntu 22.04 /proc should be mounted with mount option hidepid. Add nosuid Option to /srv Ubuntu 22.04 /srv should be mounted with mount option nosuid. Add nodev Option to /tmp Ubuntu 22.04 /tmp should be mounted with mount option nodev. Add noexec Option to /tmp Ubuntu 22.04 /tmp should be mounted with mount option noexec. Add nosuid Option to /tmp Ubuntu 22.04 /tmp should be mounted with mount option nosuid. Add nodev Option to /var/log/audit Ubuntu 22.04 /var/log/audit should be mounted with mount option nodev. Add noexec Option to /var/log/audit Ubuntu 22.04 /var/log/audit should be mounted with mount option noexec. Add nosuid Option to /var/log/audit Ubuntu 22.04 /var/log/audit should be mounted with mount option nosuid. Add nodev Option to /var/log Ubuntu 22.04 /var/log should be mounted with mount option nodev. Add noexec Option to /var/log Ubuntu 22.04 /var/log should be mounted with mount option noexec. Add nosuid Option to /var/log Ubuntu 22.04 /var/log should be mounted with mount option nosuid. Add nodev Option to /var Ubuntu 22.04 /var should be mounted with mount option nodev. Add noexec Option to /var Ubuntu 22.04 /var should be mounted with mount option noexec. Add nosuid Option to /var Ubuntu 22.04 /var should be mounted with mount option nosuid. Add nodev Option to /var/tmp Ubuntu 22.04 /var/tmp should be mounted with mount option nodev. Add noexec Option to /var/tmp Ubuntu 22.04 /var/tmp should be mounted with mount option noexec. Add nosuid Option to /var/tmp Ubuntu 22.04 /var/tmp should be mounted with mount option nosuid. NetworkManager DNS Mode Must Be Must Configured Ubuntu 22.04 Ensure 'dns' is configured with value 'none|default' in section 'main' in /etc/NetworkManager/NetworkManager.conf Uninstall 389-ds-base Package Ubuntu 22.04 The DPKG package 389-ds-base should be removed. package_GConf2_installed Ubuntu 22.04 The DPKG package GConf2 should be installed. Install the Host Intrusion Prevention System (HIPS) Module Ubuntu 22.04 The DPKG package MFEhiplsm should be installed. Install SuSEfirewall2 Package Ubuntu 22.04 The DPKG package SuSEfirewall2 should be installed. Uninstall abrt-addon-ccpp Package Ubuntu 22.04 The DPKG package abrt-addon-ccpp should be removed. Uninstall abrt-addon-kerneloops Package Ubuntu 22.04 The DPKG package abrt-addon-kerneloops should be removed. Uninstall abrt-addon-python Package Ubuntu 22.04 The DPKG package abrt-addon-python should be removed. Uninstall abrt-cli Package Ubuntu 22.04 The DPKG package abrt-cli should be removed. Uninstall abrt-libs Package Ubuntu 22.04 The DPKG package abrt-libs should be removed. Uninstall abrt-plugin-logger Package Ubuntu 22.04 The DPKG package abrt-plugin-logger should be removed. Uninstall abrt-plugin-rhtsupport Package Ubuntu 22.04 The DPKG package abrt-plugin-rhtsupport should be removed. Uninstall abrt-plugin-sosreport Package Ubuntu 22.04 The DPKG package abrt-plugin-sosreport should be removed. Uninstall abrt-server-info-page Package Ubuntu 22.04 The DPKG package abrt-server-info-page should be removed. Uninstall Automatic Bug Reporting Tool (abrt) Ubuntu 22.04 The DPKG package abrt should be removed. Install AIDE Ubuntu 22.04 The DPKG package aide should be installed. Ensure AppArmor Utils is installed Ubuntu 22.04 The DPKG package apparmor-utils should be installed. Ensure AppArmor is installed Ubuntu 22.04 The DPKG package apparmor should be installed. Install audispd-plugins Package Ubuntu 22.04 The DPKG package audispd-plugins should be installed. Ensure the default plugins for the audit dispatcher are Installed Ubuntu 22.04 The DPKG package audispd-plugins should be installed. Ensure the audit-libs package as a part of audit Subsystem is Installed Ubuntu 22.04 The DPKG package audit-libs should be installed. Ensure the audit Subsystem is Installed Ubuntu 22.04 The DPKG package auditd should be installed. Remove autofs Package Ubuntu 22.04 The DPKG package autofs should be removed. Uninstall avahi-autoipd Server Package Ubuntu 22.04 The DPKG package avahi-autoipd should be removed. package_avahi_installed Ubuntu 22.04 The DPKG package avahi-daemon should be installed. Uninstall avahi Server Package Ubuntu 22.04 The DPKG package avahi-daemon should be removed. Uninstall bind Package Ubuntu 22.04 The DPKG package bind9 should be removed. Install binutils Package Ubuntu 22.04 The DPKG package binutils should be installed. The Chrony package is installed Ubuntu 22.04 The DPKG package chrony should be installed. Install the cron service Ubuntu 22.04 The DPKG package cron should be installed. Install crypto-policies package Ubuntu 22.04 The DPKG package crypto-policies should be installed. Install cryptsetup Package Ubuntu 22.04 The DPKG package cryptsetup should be installed. Uninstall CUPS Package Ubuntu 22.04 The DPKG package cups should be removed. Uninstall cyrus-imapd Package Ubuntu 22.04 The DPKG package cyrus-imapd should be removed. package_dconf_installed Ubuntu 22.04 The DPKG package dconf-service should be installed. Uninstall DHCP Client Package Ubuntu 22.04 The DPKG package dhcp-client should be removed. Uninstall DHCP Server Package Ubuntu 22.04 The DPKG package isc-dhcp-server should be removed. Install dnf-automatic Package Ubuntu 22.04 The DPKG package dnf-automatic should be installed. Install dnf-plugin-subscription-manager Package Ubuntu 22.04 The DPKG package dnf-plugin-subscription-manager should be installed. Uninstall dnsmasq Package Ubuntu 22.04 The DPKG package dnsmasq should be removed. Install the docker Package Ubuntu 22.04 The DPKG package docker should be installed. Uninstall dovecot Package Ubuntu 22.04 The DPKG package dovecot-core should be removed. package_esc_installed Ubuntu 22.04 The DPKG package esc should be installed. Install fapolicyd Package Ubuntu 22.04 The DPKG package fapolicyd should be installed. Install firewalld Package Ubuntu 22.04 The DPKG package firewalld should be installed. Uninstall firewalld Package Ubuntu 22.04 The DPKG package firewalld should be removed. Remove the FreeRadius Server Package Ubuntu 22.04 The DPKG package freeradius should be removed. Remove ftp Package Ubuntu 22.04 The DPKG package ftp should be removed. package_gdm_installed Ubuntu 22.04 The DPKG package gdm3 should be installed. Remove the GDM Package Group Ubuntu 22.04 The DPKG package gdm3 should be removed. Uninstall geolite2-city Package Ubuntu 22.04 The DPKG package geolite2-city should be removed. Uninstall geolite2-country Package Ubuntu 22.04 The DPKG package geolite2-country should be removed. Package glibc Installed Ubuntu 22.04 The DPKG package glibc should be installed. Install GNOME Software Ubuntu 22.04 The DPKG package gnome-software should be installed. Ensure gnutls-utils is installed Ubuntu 22.04 The DPKG package gnutls-utils should be installed. Uninstall gssproxy Package Ubuntu 22.04 The DPKG package gssproxy should be removed. Uninstall apache2 Package Ubuntu 22.04 The DPKG package apache2 should be removed. Remove telnet Clients Ubuntu 22.04 The DPKG package inetutils-telnet should be removed. Uninstall the inet-based telnet server Ubuntu 22.04 The DPKG package inetutils-telnetd should be removed. Uninstall iprutils Package Ubuntu 22.04 The DPKG package iprutils should be removed. Install iptables-nft Package Ubuntu 22.04 The DPKG package iptables-nft should be installed. Install iptables-persistent Package Ubuntu 22.04 The DPKG package iptables-persistent should be installed. Remove iptables-persistent Package Ubuntu 22.04 The DPKG package iptables-persistent should be removed. Install iptables-services Package Ubuntu 22.04 The DPKG package iptables-services should be installed. Remove iptables-services Package Ubuntu 22.04 The DPKG package iptables-services should be removed. Install iptables Package Ubuntu 22.04 The DPKG package iptables should be installed. Uninstall kea Package Ubuntu 22.04 The DPKG package kea should be removed. Remove the Kerberos Server Package Ubuntu 22.04 The DPKG package krb5-server should be removed. Uninstall krb5-workstation Package Ubuntu 22.04 The DPKG package krb5-workstation should be removed. Install libcap-ng-utils Package Ubuntu 22.04 The DPKG package libcap-ng-utils should be installed. Install libdnf-plugin-subscription-manager Package Ubuntu 22.04 The DPKG package libdnf-plugin-subscription-manager should be installed. Uninstall libreport-plugin-logger Package Ubuntu 22.04 The DPKG package libreport-plugin-logger should be removed. Uninstall libreport-plugin-rhtsupport Package Ubuntu 22.04 The DPKG package libreport-plugin-rhtsupport should be removed. Install libreswan Package Ubuntu 22.04 The DPKG package libreswan should be installed. Install libselinux Package Ubuntu 22.04 The DPKG package libselinux should be installed. Ensure logrotate is Installed Ubuntu 22.04 The DPKG package logrotate should be installed. The mailx Package Is Installed Ubuntu 22.04 The DPKG package mailx should be installed. Install McAfee Endpoint Security for Linux (ENSL) Ubuntu 22.04 The DPKG package mfetp should be installed. Uninstall mcstrans Package Ubuntu 22.04 The DPKG package mcstrans should be removed. Uninstall net-snmp Package Ubuntu 22.04 The DPKG package snmp should be removed. Uninstall nfs-kernel-server Package Ubuntu 22.04 The DPKG package nfs-kernel-server should be removed. Uninstall nfs-utils Package Ubuntu 22.04 The DPKG package nfs-utils should be removed. Install nftables Package Ubuntu 22.04 The DPKG package nftables should be installed. Uninstall nftables package Ubuntu 22.04 The DPKG package nftables should be removed. Uninstall nginx Package Ubuntu 22.04 The DPKG package nginx should be removed. Uninstall the nis package Ubuntu 22.04 The DPKG package nis should be removed. Ensure nss-tools is installed Ubuntu 22.04 The DPKG package nss-tools should be installed. Install nss-sss Package Ubuntu 22.04 The DPKG package libnss-sss should be installed. Install the ntp service Ubuntu 22.04 The DPKG package ntp should be installed. Remove the ntp service Ubuntu 22.04 The DPKG package ntp should be removed. Uninstall the ntpdate package Ubuntu 22.04 The DPKG package ntpdate should be removed. Ensure LDAP client is not installed Ubuntu 22.04 The DPKG package ldap-utils should be removed. Uninstall openldap-servers Package Ubuntu 22.04 The DPKG package slapd should be removed. Install the opensc Package For Multifactor Authentication Ubuntu 22.04 The DPKG package opensc-pkcs11 should be installed. Install openscap-scanner Package Ubuntu 22.04 The DPKG package openscap-scanner should be installed. Install OpenSSH client software Ubuntu 22.04 The DPKG package openssh-clients should be installed. Install the OpenSSH Server Package Ubuntu 22.04 The DPKG package openssh-server should be installed. Remove the OpenSSH Server Package Ubuntu 22.04 The DPKG package openssh-server should be removed. Install the OpenSSH Client and Server Package Ubuntu 22.04 The DPKG package openssh should be installed. Remove the OpenSSH Client and Server Package Ubuntu 22.04 The DPKG package openssh should be removed. Install the pam_apparmor Package Ubuntu 22.04 The DPKG package pam_apparmor should be installed. package_pam_ldap_removed Ubuntu 22.04 The DPKG package pam_ldap should be removed. Install pam-modules Package Ubuntu 22.04 The DPKG package libpam-modules should be installed. Install pam_pwquality Package Ubuntu 22.04 The DPKG package libpam-pwquality should be installed. Install pam-runtime Package Ubuntu 22.04 The DPKG package libpam-runtime should be installed. Install pam-sss Package Ubuntu 22.04 The DPKG package libpam-sss should be installed. Install the pcsc-lite-ccid package Ubuntu 22.04 The DPKG package pcsc-lite-ccid should be installed. Install the pcsc-lite package Ubuntu 22.04 The DPKG package pcsc-lite should be installed. Uninstall pigz Package Ubuntu 22.04 The DPKG package pigz should be removed. Install policycoreutils-python-utils package Ubuntu 22.04 The DPKG package policycoreutils-python-utils should be installed. Install policycoreutils Package Ubuntu 22.04 The DPKG package policycoreutils should be installed. The Postfix package is installed Ubuntu 22.04 The DPKG package postfix should be installed. Package "prelink" Must not be Installed Ubuntu 22.04 The DPKG package prelink should be removed. Install the psacct package Ubuntu 22.04 The DPKG package psacct should be installed. Uninstall python3-abrt-addon Package Ubuntu 22.04 The DPKG package python3-abrt-addon should be removed. Uninstall quagga Package Ubuntu 22.04 The DPKG package quagga should be removed. Install rear Package Ubuntu 22.04 The DPKG package rear should be installed. Install rng-tools Package Ubuntu 22.04 The DPKG package rng-tools should be installed. Uninstall rpcbind Package Ubuntu 22.04 The DPKG package rpcbind should be removed. Uninstall rsh-server Package Ubuntu 22.04 The DPKG package rsh-server should be removed. Uninstall rsh Package Ubuntu 22.04 The DPKG package rsh-client should be removed. Uninstall rsync Package Ubuntu 22.04 The DPKG package rsync should be removed. Ensure rsyslog-gnutls is installed Ubuntu 22.04 The DPKG package rsyslog-gnutls should be installed. Ensure rsyslog is Installed Ubuntu 22.04 The DPKG package rsyslog should be installed. The s-nail Package Is Installed Ubuntu 22.04 The DPKG package s-nail should be installed. Install the Samba Common Package Ubuntu 22.04 The DPKG package samba-common should be installed. package_samba-common_removed Ubuntu 22.04 The DPKG package samba-common should be removed. Uninstall Samba Package Ubuntu 22.04 The DPKG package samba should be removed. Install scap-security-guide Package Ubuntu 22.04 The DPKG package scap-security-guide should be installed. Install the screen Package Ubuntu 22.04 The DPKG package screen should be installed. Uninstall Sendmail Package Ubuntu 22.04 The DPKG package sendmail should be removed. Uninstall setroubleshoot-plugins Package Ubuntu 22.04 The DPKG package setroubleshoot-plugins should be removed. Uninstall setroubleshoot-server Package Ubuntu 22.04 The DPKG package setroubleshoot-server should be removed. Uninstall setroubleshoot Package Ubuntu 22.04 The DPKG package setroubleshoot should be removed. Uninstall squid Package Ubuntu 22.04 The DPKG package squid should be removed. Install sssd-ipa Package Ubuntu 22.04 The DPKG package sssd-ipa should be installed. Install the SSSD Package Ubuntu 22.04 The DPKG package sssd should be installed. Install strongswan Package Ubuntu 22.04 The DPKG package strongswan should be installed. Install subscription-manager Package Ubuntu 22.04 The DPKG package subscription-manager should be installed. Install sudo Package Ubuntu 22.04 The DPKG package sudo should be installed. Ensure syslog-ng is Installed Ubuntu 22.04 The DPKG package syslog-ng should be installed. Install systemd-journal-remote Package Ubuntu 22.04 The DPKG package systemd-journal-remote should be installed. Uninstall talk-server Package Ubuntu 22.04 The DPKG package talk-server should be removed. Uninstall talk Package Ubuntu 22.04 The DPKG package talk should be removed. Install tar Package Ubuntu 22.04 The DPKG package tar should be installed. Install tcp_wrappers Package Ubuntu 22.04 The DPKG package tcp_wrappers should be installed. Uninstall tcpd Package Ubuntu 22.04 The DPKG package tcpd should be removed. Uninstall telnet-server Package Ubuntu 22.04 The DPKG package telnet-server should be removed. Remove telnet Clients Ubuntu 22.04 The DPKG package telnet should be removed. Uninstall the ssl compliant telnet server Ubuntu 22.04 The DPKG package telnetd-ssl should be removed. Uninstall the telnet server Ubuntu 22.04 The DPKG package telnetd should be removed. Uninstall tftpd-hpa Package Ubuntu 22.04 The DPKG package tftpd-hpa should be removed. Remove tftp Daemon Ubuntu 22.04 The DPKG package tftp should be removed. Install the systemd_timesyncd Service Ubuntu 22.04 The DPKG package systemd-timesyncd should be installed. Remove the systemd_timesyncd Service Ubuntu 22.04 The DPKG package systemd-timesyncd should be removed. Install the tmux Package Ubuntu 22.04 The DPKG package tmux should be installed. Remove tnftp Package Ubuntu 22.04 The DPKG package tnftp should be removed. Uninstall tuned Package Ubuntu 22.04 The DPKG package tuned should be removed. Install ufw Package Ubuntu 22.04 The DPKG package ufw should be installed. Remove ufw Package Ubuntu 22.04 The DPKG package ufw should be removed. Uninstall unbound Package Ubuntu 22.04 The DPKG package unbound should be removed. Install usbguard Package Ubuntu 22.04 The DPKG package usbguard should be installed. Package uuidd Installed Ubuntu 22.04 The DPKG package uuidd should be installed. Install vim Package Ubuntu 22.04 The DPKG package vim-enhanced should be installed. Install vsftpd Package Ubuntu 22.04 The DPKG package vsftpd should be installed. Uninstall vsftpd Package Ubuntu 22.04 The DPKG package vsftpd should be removed. Uninstall xinetd Package Ubuntu 22.04 The DPKG package xinetd should be removed. Remove the X Windows Xwayland Package Ubuntu 22.04 The DPKG package xorg-x11-server-Xwayland should be removed. Remove the X Windows Package Group Ubuntu 22.04 The DPKG package xserver-common should be removed. Remove NIS Client Ubuntu 22.04 The DPKG package ypbind should be removed. Uninstall ypserv Package Ubuntu 22.04 The DPKG package ypserv should be removed. Ensure /boot Located On Separate Partition Ubuntu 22.04 If stored locally, create a separate partition for /boot. If /boot will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Ensure /dev/shm is configured Ubuntu 22.04 If stored locally, create a separate partition for /dev/shm. If /dev/shm will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Ensure /home Located On Separate Partition Ubuntu 22.04 If stored locally, create a separate partition for /home. If /home will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Ensure /opt Located On Separate Partition Ubuntu 22.04 If stored locally, create a separate partition for /opt. If /opt will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Ensure /srv Located On Separate Partition Ubuntu 22.04 If stored locally, create a separate partition for /srv. If /srv will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Ensure /tmp Located On Separate Partition Ubuntu 22.04 If stored locally, create a separate partition for /tmp. If /tmp will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Ensure /usr Located On Separate Partition Ubuntu 22.04 If stored locally, create a separate partition for /usr. If /usr will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Ensure /var Located On Separate Partition Ubuntu 22.04 If stored locally, create a separate partition for /var. If /var will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Ensure /var/log Located On Separate Partition Ubuntu 22.04 If stored locally, create a separate partition for /var/log. If /var/log will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Ensure /var/log/audit Located On Separate Partition Ubuntu 22.04 If stored locally, create a separate partition for /var/log/audit. If /var/log/audit will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Ensure /var/tmp Located On Separate Partition Ubuntu 22.04 If stored locally, create a separate partition for /var/tmp. If /var/tmp will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later. Verify permissions of log files Ubuntu 22.04 This test makes sure that /var/log/ has mode 0640. If the target file or directory has an extended ACL, then it will fail the mode check. Ensure Log Files Are Owned By Appropriate Group Ubuntu 22.04 All syslog log files should have appropriate ownership. Ensure Log Files Are Owned By Appropriate User Ubuntu 22.04 All syslog log files should have appropriate ownership. Ensure System Log Files Have Correct Permissions Ubuntu 22.04 All syslog log files should have appropriate ownership. Disable the abrt_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'abrt_anon_write' boolean should be set in the system configuration. Disable the abrt_handle_event SELinux Boolean Ubuntu 22.04 The SELinux 'abrt_handle_event' boolean should be set in the system configuration. Disable the abrt_upload_watch_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'abrt_upload_watch_anon_write' boolean should be set in the system configuration. Enable the antivirus_can_scan_system SELinux Boolean Ubuntu 22.04 The SELinux 'antivirus_can_scan_system' boolean should be set in the system configuration. Disable the antivirus_use_jit SELinux Boolean Ubuntu 22.04 The SELinux 'antivirus_use_jit' boolean should be set in the system configuration. Enable the auditadm_exec_content SELinux Boolean Ubuntu 22.04 The SELinux 'auditadm_exec_content' boolean should be set in the system configuration. Disable the authlogin_nsswitch_use_ldap SELinux Boolean Ubuntu 22.04 The SELinux 'authlogin_nsswitch_use_ldap' boolean should be set in the system configuration. Disable the authlogin_radius SELinux Boolean Ubuntu 22.04 The SELinux 'authlogin_radius' boolean should be set in the system configuration. Disable the authlogin_yubikey SELinux Boolean Ubuntu 22.04 The SELinux 'authlogin_yubikey' boolean should be set in the system configuration. Disable the awstats_purge_apache_log_files SELinux Boolean Ubuntu 22.04 The SELinux 'awstats_purge_apache_log_files' boolean should be set in the system configuration. Disable the boinc_execmem SELinux Boolean Ubuntu 22.04 The SELinux 'boinc_execmem' boolean should be set in the system configuration. Disable the cdrecord_read_content SELinux Boolean Ubuntu 22.04 The SELinux 'cdrecord_read_content' boolean should be set in the system configuration. Disable the cluster_can_network_connect SELinux Boolean Ubuntu 22.04 The SELinux 'cluster_can_network_connect' boolean should be set in the system configuration. Disable the cluster_manage_all_files SELinux Boolean Ubuntu 22.04 The SELinux 'cluster_manage_all_files' boolean should be set in the system configuration. Disable the cluster_use_execmem SELinux Boolean Ubuntu 22.04 The SELinux 'cluster_use_execmem' boolean should be set in the system configuration. Disable the cobbler_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'cobbler_anon_write' boolean should be set in the system configuration. Disable the cobbler_can_network_connect SELinux Boolean Ubuntu 22.04 The SELinux 'cobbler_can_network_connect' boolean should be set in the system configuration. Disable the cobbler_use_cifs SELinux Boolean Ubuntu 22.04 The SELinux 'cobbler_use_cifs' boolean should be set in the system configuration. Disable the cobbler_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'cobbler_use_nfs' boolean should be set in the system configuration. Disable the collectd_tcp_network_connect SELinux Boolean Ubuntu 22.04 The SELinux 'collectd_tcp_network_connect' boolean should be set in the system configuration. Disable the condor_tcp_network_connect SELinux Boolean Ubuntu 22.04 The SELinux 'condor_tcp_network_connect' boolean should be set in the system configuration. Disable the conman_can_network SELinux Boolean Ubuntu 22.04 The SELinux 'conman_can_network' boolean should be set in the system configuration. Disable the container_connect_any SELinux Boolean Ubuntu 22.04 The SELinux 'container_connect_any' boolean should be set in the system configuration. Disable the cron_can_relabel SELinux Boolean Ubuntu 22.04 The SELinux 'cron_can_relabel' boolean should be set in the system configuration. Disable the cron_system_cronjob_use_shares SELinux Boolean Ubuntu 22.04 The SELinux 'cron_system_cronjob_use_shares' boolean should be set in the system configuration. Enable the cron_userdomain_transition SELinux Boolean Ubuntu 22.04 The SELinux 'cron_userdomain_transition' boolean should be set in the system configuration. Disable the cups_execmem SELinux Boolean Ubuntu 22.04 The SELinux 'cups_execmem' boolean should be set in the system configuration. Disable the cvs_read_shadow SELinux Boolean Ubuntu 22.04 The SELinux 'cvs_read_shadow' boolean should be set in the system configuration. Disable the daemons_dump_core SELinux Boolean Ubuntu 22.04 The SELinux 'daemons_dump_core' boolean should be set in the system configuration. Disable the daemons_enable_cluster_mode SELinux Boolean Ubuntu 22.04 The SELinux 'daemons_enable_cluster_mode' boolean should be set in the system configuration. Disable the daemons_use_tcp_wrapper SELinux Boolean Ubuntu 22.04 The SELinux 'daemons_use_tcp_wrapper' boolean should be set in the system configuration. Disable the daemons_use_tty SELinux Boolean Ubuntu 22.04 The SELinux 'daemons_use_tty' boolean should be set in the system configuration. Enable the dbadm_exec_content SELinux Boolean Ubuntu 22.04 The SELinux 'dbadm_exec_content' boolean should be set in the system configuration. Disable the dbadm_manage_user_files SELinux Boolean Ubuntu 22.04 The SELinux 'dbadm_manage_user_files' boolean should be set in the system configuration. Disable the dbadm_read_user_files SELinux Boolean Ubuntu 22.04 The SELinux 'dbadm_read_user_files' boolean should be set in the system configuration. Configure the deny_execmem SELinux Boolean Ubuntu 22.04 The SELinux 'deny_execmem' boolean should be set in the system configuration. Disable the deny_ptrace SELinux Boolean Ubuntu 22.04 The SELinux 'deny_ptrace' boolean should be set in the system configuration. Disable the dhcpc_exec_iptables SELinux Boolean Ubuntu 22.04 The SELinux 'dhcpc_exec_iptables' boolean should be set in the system configuration. Disable the dhcpd_use_ldap SELinux Boolean Ubuntu 22.04 The SELinux 'dhcpd_use_ldap' boolean should be set in the system configuration. Enable the domain_fd_use SELinux Boolean Ubuntu 22.04 The SELinux 'domain_fd_use' boolean should be set in the system configuration. Disable the domain_kernel_load_modules SELinux Boolean Ubuntu 22.04 The SELinux 'domain_kernel_load_modules' boolean should be set in the system configuration. Disable the entropyd_use_audio SELinux Boolean Ubuntu 22.04 The SELinux 'entropyd_use_audio' boolean should be set in the system configuration. Disable the exim_can_connect_db SELinux Boolean Ubuntu 22.04 The SELinux 'exim_can_connect_db' boolean should be set in the system configuration. Disable the exim_manage_user_files SELinux Boolean Ubuntu 22.04 The SELinux 'exim_manage_user_files' boolean should be set in the system configuration. Disable the exim_read_user_files SELinux Boolean Ubuntu 22.04 The SELinux 'exim_read_user_files' boolean should be set in the system configuration. Disable the fcron_crond SELinux Boolean Ubuntu 22.04 The SELinux 'fcron_crond' boolean should be set in the system configuration. Disable the fenced_can_network_connect SELinux Boolean Ubuntu 22.04 The SELinux 'fenced_can_network_connect' boolean should be set in the system configuration. Disable the fenced_can_ssh SELinux Boolean Ubuntu 22.04 The SELinux 'fenced_can_ssh' boolean should be set in the system configuration. Enable the fips_mode SELinux Boolean Ubuntu 22.04 The SELinux 'fips_mode' boolean should be set in the system configuration. Disable the ftpd_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'ftpd_anon_write' boolean should be set in the system configuration. Disable the ftpd_connect_all_unreserved SELinux Boolean Ubuntu 22.04 The SELinux 'ftpd_connect_all_unreserved' boolean should be set in the system configuration. Disable the ftpd_connect_db SELinux Boolean Ubuntu 22.04 The SELinux 'ftpd_connect_db' boolean should be set in the system configuration. Disable the ftpd_full_access SELinux Boolean Ubuntu 22.04 The SELinux 'ftpd_full_access' boolean should be set in the system configuration. Disable the ftpd_use_cifs SELinux Boolean Ubuntu 22.04 The SELinux 'ftpd_use_cifs' boolean should be set in the system configuration. Disable the ftpd_use_fusefs SELinux Boolean Ubuntu 22.04 The SELinux 'ftpd_use_fusefs' boolean should be set in the system configuration. Disable the ftpd_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'ftpd_use_nfs' boolean should be set in the system configuration. Disable the ftpd_use_passive_mode SELinux Boolean Ubuntu 22.04 The SELinux 'ftpd_use_passive_mode' boolean should be set in the system configuration. Disable the git_cgi_enable_homedirs SELinux Boolean Ubuntu 22.04 The SELinux 'git_cgi_enable_homedirs' boolean should be set in the system configuration. Disable the git_cgi_use_cifs SELinux Boolean Ubuntu 22.04 The SELinux 'git_cgi_use_cifs' boolean should be set in the system configuration. Disable the git_cgi_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'git_cgi_use_nfs' boolean should be set in the system configuration. Disable the git_session_bind_all_unreserved_ports SELinux Boolean Ubuntu 22.04 The SELinux 'git_session_bind_all_unreserved_ports' boolean should be set in the system configuration. Disable the git_session_users SELinux Boolean Ubuntu 22.04 The SELinux 'git_session_users' boolean should be set in the system configuration. Disable the git_system_enable_homedirs SELinux Boolean Ubuntu 22.04 The SELinux 'git_system_enable_homedirs' boolean should be set in the system configuration. Disable the git_system_use_cifs SELinux Boolean Ubuntu 22.04 The SELinux 'git_system_use_cifs' boolean should be set in the system configuration. Disable the git_system_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'git_system_use_nfs' boolean should be set in the system configuration. Disable the gitosis_can_sendmail SELinux Boolean Ubuntu 22.04 The SELinux 'gitosis_can_sendmail' boolean should be set in the system configuration. Disable the glance_api_can_network SELinux Boolean Ubuntu 22.04 The SELinux 'glance_api_can_network' boolean should be set in the system configuration. Disable the glance_use_execmem SELinux Boolean Ubuntu 22.04 The SELinux 'glance_use_execmem' boolean should be set in the system configuration. Disable the glance_use_fusefs SELinux Boolean Ubuntu 22.04 The SELinux 'glance_use_fusefs' boolean should be set in the system configuration. Disable the global_ssp SELinux Boolean Ubuntu 22.04 The SELinux 'global_ssp' boolean should be set in the system configuration. Disable the gluster_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'gluster_anon_write' boolean should be set in the system configuration. Disable the gluster_export_all_ro SELinux Boolean Ubuntu 22.04 The SELinux 'gluster_export_all_ro' boolean should be set in the system configuration. Configure the gluster_export_all_rw SELinux Boolean Ubuntu 22.04 The SELinux 'gluster_export_all_rw' boolean should be set in the system configuration. Disable the gpg_web_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'gpg_web_anon_write' boolean should be set in the system configuration. Enable the gssd_read_tmp SELinux Boolean Ubuntu 22.04 The SELinux 'gssd_read_tmp' boolean should be set in the system configuration. Disable the guest_exec_content SELinux Boolean Ubuntu 22.04 The SELinux 'guest_exec_content' boolean should be set in the system configuration. Disable the haproxy_connect_any SELinux Boolean Ubuntu 22.04 The SELinux 'haproxy_connect_any' boolean should be set in the system configuration. Disable the httpd_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_anon_write' boolean should be set in the system configuration. Configure the httpd_builtin_scripting SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_builtin_scripting' boolean should be set in the system configuration. Disable the httpd_can_check_spam SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_check_spam' boolean should be set in the system configuration. Disable the httpd_can_connect_ftp SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_connect_ftp' boolean should be set in the system configuration. Disable the httpd_can_connect_ldap SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_connect_ldap' boolean should be set in the system configuration. Disable the httpd_can_connect_mythtv SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_connect_mythtv' boolean should be set in the system configuration. Disable the httpd_can_connect_zabbix SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_connect_zabbix' boolean should be set in the system configuration. Disable the httpd_can_network_connect SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_network_connect' boolean should be set in the system configuration. Disable the httpd_can_network_connect_cobbler SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_network_connect_cobbler' boolean should be set in the system configuration. Disable the httpd_can_network_connect_db SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_network_connect_db' boolean should be set in the system configuration. Disable the httpd_can_network_memcache SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_network_memcache' boolean should be set in the system configuration. Disable the httpd_can_network_relay SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_network_relay' boolean should be set in the system configuration. Disable the httpd_can_sendmail SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_can_sendmail' boolean should be set in the system configuration. Disable the httpd_dbus_avahi SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_dbus_avahi' boolean should be set in the system configuration. Disable the httpd_dbus_sssd SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_dbus_sssd' boolean should be set in the system configuration. Disable the httpd_dontaudit_search_dirs SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_dontaudit_search_dirs' boolean should be set in the system configuration. Configure the httpd_enable_cgi SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_enable_cgi' boolean should be set in the system configuration. Disable the httpd_enable_ftp_server SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_enable_ftp_server' boolean should be set in the system configuration. Disable the httpd_enable_homedirs SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_enable_homedirs' boolean should be set in the system configuration. Disable the httpd_execmem SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_execmem' boolean should be set in the system configuration. Enable the httpd_graceful_shutdown SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_graceful_shutdown' boolean should be set in the system configuration. Disable the httpd_manage_ipa SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_manage_ipa' boolean should be set in the system configuration. Disable the httpd_mod_auth_ntlm_winbind SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_mod_auth_ntlm_winbind' boolean should be set in the system configuration. Disable the httpd_mod_auth_pam SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_mod_auth_pam' boolean should be set in the system configuration. Disable the httpd_read_user_content SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_read_user_content' boolean should be set in the system configuration. Disable the httpd_run_ipa SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_run_ipa' boolean should be set in the system configuration. Disable the httpd_run_preupgrade SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_run_preupgrade' boolean should be set in the system configuration. Disable the httpd_run_stickshift SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_run_stickshift' boolean should be set in the system configuration. Disable the httpd_serve_cobbler_files SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_serve_cobbler_files' boolean should be set in the system configuration. Disable the httpd_setrlimit SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_setrlimit' boolean should be set in the system configuration. Disable the httpd_ssi_exec SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_ssi_exec' boolean should be set in the system configuration. Disable the httpd_sys_script_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_sys_script_anon_write' boolean should be set in the system configuration. Disable the httpd_tmp_exec SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_tmp_exec' boolean should be set in the system configuration. Disable the httpd_tty_comm SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_tty_comm' boolean should be set in the system configuration. Disable the httpd_unified SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_unified' boolean should be set in the system configuration. Disable the httpd_use_cifs SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_use_cifs' boolean should be set in the system configuration. Disable the httpd_use_fusefs SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_use_fusefs' boolean should be set in the system configuration. Disable the httpd_use_gpg SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_use_gpg' boolean should be set in the system configuration. Disable the httpd_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_use_nfs' boolean should be set in the system configuration. Disable the httpd_use_openstack SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_use_openstack' boolean should be set in the system configuration. Disable the httpd_use_sasl SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_use_sasl' boolean should be set in the system configuration. Disable the httpd_verify_dns SELinux Boolean Ubuntu 22.04 The SELinux 'httpd_verify_dns' boolean should be set in the system configuration. Disable the icecast_use_any_tcp_ports SELinux Boolean Ubuntu 22.04 The SELinux 'icecast_use_any_tcp_ports' boolean should be set in the system configuration. Disable the irc_use_any_tcp_ports SELinux Boolean Ubuntu 22.04 The SELinux 'irc_use_any_tcp_ports' boolean should be set in the system configuration. Disable the irssi_use_full_network SELinux Boolean Ubuntu 22.04 The SELinux 'irssi_use_full_network' boolean should be set in the system configuration. Disable the kdumpgui_run_bootloader SELinux Boolean Ubuntu 22.04 The SELinux 'kdumpgui_run_bootloader' boolean should be set in the system configuration. Enable the kerberos_enabled SELinux Boolean Ubuntu 22.04 The SELinux 'kerberos_enabled' boolean should be set in the system configuration. Disable the ksmtuned_use_cifs SELinux Boolean Ubuntu 22.04 The SELinux 'ksmtuned_use_cifs' boolean should be set in the system configuration. Disable the ksmtuned_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'ksmtuned_use_nfs' boolean should be set in the system configuration. Enable the logadm_exec_content SELinux Boolean Ubuntu 22.04 The SELinux 'logadm_exec_content' boolean should be set in the system configuration. Disable the logging_syslogd_can_sendmail SELinux Boolean Ubuntu 22.04 The SELinux 'logging_syslogd_can_sendmail' boolean should be set in the system configuration. Disable the logging_syslogd_run_nagios_plugins SELinux Boolean Ubuntu 22.04 The SELinux 'logging_syslogd_run_nagios_plugins' boolean should be set in the system configuration. Enable the logging_syslogd_use_tty SELinux Boolean Ubuntu 22.04 The SELinux 'logging_syslogd_use_tty' boolean should be set in the system configuration. Enable the login_console_enabled SELinux Boolean Ubuntu 22.04 The SELinux 'login_console_enabled' boolean should be set in the system configuration. Disable the logrotate_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'logrotate_use_nfs' boolean should be set in the system configuration. Disable the logwatch_can_network_connect_mail SELinux Boolean Ubuntu 22.04 The SELinux 'logwatch_can_network_connect_mail' boolean should be set in the system configuration. Disable the lsmd_plugin_connect_any SELinux Boolean Ubuntu 22.04 The SELinux 'lsmd_plugin_connect_any' boolean should be set in the system configuration. Disable the mailman_use_fusefs SELinux Boolean Ubuntu 22.04 The SELinux 'mailman_use_fusefs' boolean should be set in the system configuration. Disable the mcelog_client SELinux Boolean Ubuntu 22.04 The SELinux 'mcelog_client' boolean should be set in the system configuration. Enable the mcelog_exec_scripts SELinux Boolean Ubuntu 22.04 The SELinux 'mcelog_exec_scripts' boolean should be set in the system configuration. Disable the mcelog_foreground SELinux Boolean Ubuntu 22.04 The SELinux 'mcelog_foreground' boolean should be set in the system configuration. Disable the mcelog_server SELinux Boolean Ubuntu 22.04 The SELinux 'mcelog_server' boolean should be set in the system configuration. Disable the minidlna_read_generic_user_content SELinux Boolean Ubuntu 22.04 The SELinux 'minidlna_read_generic_user_content' boolean should be set in the system configuration. Disable the mmap_low_allowed SELinux Boolean Ubuntu 22.04 The SELinux 'mmap_low_allowed' boolean should be set in the system configuration. Disable the mock_enable_homedirs SELinux Boolean Ubuntu 22.04 The SELinux 'mock_enable_homedirs' boolean should be set in the system configuration. Enable the mount_anyfile SELinux Boolean Ubuntu 22.04 The SELinux 'mount_anyfile' boolean should be set in the system configuration. Disable the mozilla_plugin_bind_unreserved_ports SELinux Boolean Ubuntu 22.04 The SELinux 'mozilla_plugin_bind_unreserved_ports' boolean should be set in the system configuration. Disable the mozilla_plugin_can_network_connect SELinux Boolean Ubuntu 22.04 The SELinux 'mozilla_plugin_can_network_connect' boolean should be set in the system configuration. Disable the mozilla_plugin_use_bluejeans SELinux Boolean Ubuntu 22.04 The SELinux 'mozilla_plugin_use_bluejeans' boolean should be set in the system configuration. Disable the mozilla_plugin_use_gps SELinux Boolean Ubuntu 22.04 The SELinux 'mozilla_plugin_use_gps' boolean should be set in the system configuration. Disable the mozilla_plugin_use_spice SELinux Boolean Ubuntu 22.04 The SELinux 'mozilla_plugin_use_spice' boolean should be set in the system configuration. Disable the mozilla_read_content SELinux Boolean Ubuntu 22.04 The SELinux 'mozilla_read_content' boolean should be set in the system configuration. Disable the mpd_enable_homedirs SELinux Boolean Ubuntu 22.04 The SELinux 'mpd_enable_homedirs' boolean should be set in the system configuration. Disable the mpd_use_cifs SELinux Boolean Ubuntu 22.04 The SELinux 'mpd_use_cifs' boolean should be set in the system configuration. Disable the mpd_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'mpd_use_nfs' boolean should be set in the system configuration. Disable the mplayer_execstack SELinux Boolean Ubuntu 22.04 The SELinux 'mplayer_execstack' boolean should be set in the system configuration. Disable the mysql_connect_any SELinux Boolean Ubuntu 22.04 The SELinux 'mysql_connect_any' boolean should be set in the system configuration. Disable the nagios_run_pnp4nagios SELinux Boolean Ubuntu 22.04 The SELinux 'nagios_run_pnp4nagios' boolean should be set in the system configuration. Disable the nagios_run_sudo SELinux Boolean Ubuntu 22.04 The SELinux 'nagios_run_sudo' boolean should be set in the system configuration. Disable the named_tcp_bind_http_port SELinux Boolean Ubuntu 22.04 The SELinux 'named_tcp_bind_http_port' boolean should be set in the system configuration. Disable the named_write_master_zones SELinux Boolean Ubuntu 22.04 The SELinux 'named_write_master_zones' boolean should be set in the system configuration. Disable the neutron_can_network SELinux Boolean Ubuntu 22.04 The SELinux 'neutron_can_network' boolean should be set in the system configuration. Enable the nfs_export_all_ro SELinux Boolean Ubuntu 22.04 The SELinux 'nfs_export_all_ro' boolean should be set in the system configuration. Enable the nfs_export_all_rw SELinux Boolean Ubuntu 22.04 The SELinux 'nfs_export_all_rw' boolean should be set in the system configuration. Disable the nfsd_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'nfsd_anon_write' boolean should be set in the system configuration. Disable the nis_enabled SELinux Boolean Ubuntu 22.04 The SELinux 'nis_enabled' boolean should be set in the system configuration. Enable the nscd_use_shm SELinux Boolean Ubuntu 22.04 The SELinux 'nscd_use_shm' boolean should be set in the system configuration. Disable the openshift_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'openshift_use_nfs' boolean should be set in the system configuration. Disable the openvpn_can_network_connect SELinux Boolean Ubuntu 22.04 The SELinux 'openvpn_can_network_connect' boolean should be set in the system configuration. Disable the openvpn_enable_homedirs SELinux Boolean Ubuntu 22.04 The SELinux 'openvpn_enable_homedirs' boolean should be set in the system configuration. Disable the openvpn_run_unconfined SELinux Boolean Ubuntu 22.04 The SELinux 'openvpn_run_unconfined' boolean should be set in the system configuration. Disable the pcp_bind_all_unreserved_ports SELinux Boolean Ubuntu 22.04 The SELinux 'pcp_bind_all_unreserved_ports' boolean should be set in the system configuration. Disable the pcp_read_generic_logs SELinux Boolean Ubuntu 22.04 The SELinux 'pcp_read_generic_logs' boolean should be set in the system configuration. Disable the piranha_lvs_can_network_connect SELinux Boolean Ubuntu 22.04 The SELinux 'piranha_lvs_can_network_connect' boolean should be set in the system configuration. Disable the polipo_connect_all_unreserved SELinux Boolean Ubuntu 22.04 The SELinux 'polipo_connect_all_unreserved' boolean should be set in the system configuration. Disable the polipo_session_bind_all_unreserved_ports SELinux Boolean Ubuntu 22.04 The SELinux 'polipo_session_bind_all_unreserved_ports' boolean should be set in the system configuration. Disable the polipo_session_users SELinux Boolean Ubuntu 22.04 The SELinux 'polipo_session_users' boolean should be set in the system configuration. Disable the polipo_use_cifs SELinux Boolean Ubuntu 22.04 The SELinux 'polipo_use_cifs' boolean should be set in the system configuration. Disable the polipo_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'polipo_use_nfs' boolean should be set in the system configuration. Configure the polyinstantiation_enabled SELinux Boolean Ubuntu 22.04 The SELinux 'polyinstantiation_enabled' boolean should be set in the system configuration. Enable the postfix_local_write_mail_spool SELinux Boolean Ubuntu 22.04 The SELinux 'postfix_local_write_mail_spool' boolean should be set in the system configuration. Disable the postgresql_can_rsync SELinux Boolean Ubuntu 22.04 The SELinux 'postgresql_can_rsync' boolean should be set in the system configuration. Disable the postgresql_selinux_transmit_client_label SELinux Boolean Ubuntu 22.04 The SELinux 'postgresql_selinux_transmit_client_label' boolean should be set in the system configuration. Enable the postgresql_selinux_unconfined_dbadm SELinux Boolean Ubuntu 22.04 The SELinux 'postgresql_selinux_unconfined_dbadm' boolean should be set in the system configuration. Enable the postgresql_selinux_users_ddl SELinux Boolean Ubuntu 22.04 The SELinux 'postgresql_selinux_users_ddl' boolean should be set in the system configuration. Disable the pppd_can_insmod SELinux Boolean Ubuntu 22.04 The SELinux 'pppd_can_insmod' boolean should be set in the system configuration. Disable the pppd_for_user SELinux Boolean Ubuntu 22.04 The SELinux 'pppd_for_user' boolean should be set in the system configuration. Disable the privoxy_connect_any SELinux Boolean Ubuntu 22.04 The SELinux 'privoxy_connect_any' boolean should be set in the system configuration. Disable the prosody_bind_http_port SELinux Boolean Ubuntu 22.04 The SELinux 'prosody_bind_http_port' boolean should be set in the system configuration. Disable the puppetagent_manage_all_files SELinux Boolean Ubuntu 22.04 The SELinux 'puppetagent_manage_all_files' boolean should be set in the system configuration. Disable the puppetmaster_use_db SELinux Boolean Ubuntu 22.04 The SELinux 'puppetmaster_use_db' boolean should be set in the system configuration. Disable the racoon_read_shadow SELinux Boolean Ubuntu 22.04 The SELinux 'racoon_read_shadow' boolean should be set in the system configuration. Disable the rsync_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'rsync_anon_write' boolean should be set in the system configuration. Disable the rsync_client SELinux Boolean Ubuntu 22.04 The SELinux 'rsync_client' boolean should be set in the system configuration. Disable the rsync_export_all_ro SELinux Boolean Ubuntu 22.04 The SELinux 'rsync_export_all_ro' boolean should be set in the system configuration. Disable the rsync_full_access SELinux Boolean Ubuntu 22.04 The SELinux 'rsync_full_access' boolean should be set in the system configuration. Disable the samba_create_home_dirs SELinux Boolean Ubuntu 22.04 The SELinux 'samba_create_home_dirs' boolean should be set in the system configuration. Disable the samba_domain_controller SELinux Boolean Ubuntu 22.04 The SELinux 'samba_domain_controller' boolean should be set in the system configuration. Disable the samba_enable_home_dirs SELinux Boolean Ubuntu 22.04 The SELinux 'samba_enable_home_dirs' boolean should be set in the system configuration. Disable the samba_export_all_ro SELinux Boolean Ubuntu 22.04 The SELinux 'samba_export_all_ro' boolean should be set in the system configuration. Disable the samba_export_all_rw SELinux Boolean Ubuntu 22.04 The SELinux 'samba_export_all_rw' boolean should be set in the system configuration. Disable the samba_load_libgfapi SELinux Boolean Ubuntu 22.04 The SELinux 'samba_load_libgfapi' boolean should be set in the system configuration. Disable the samba_portmapper SELinux Boolean Ubuntu 22.04 The SELinux 'samba_portmapper' boolean should be set in the system configuration. Disable the samba_run_unconfined SELinux Boolean Ubuntu 22.04 The SELinux 'samba_run_unconfined' boolean should be set in the system configuration. Disable the samba_share_fusefs SELinux Boolean Ubuntu 22.04 The SELinux 'samba_share_fusefs' boolean should be set in the system configuration. Disable the samba_share_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'samba_share_nfs' boolean should be set in the system configuration. Disable the sanlock_use_fusefs SELinux Boolean Ubuntu 22.04 The SELinux 'sanlock_use_fusefs' boolean should be set in the system configuration. Disable the sanlock_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'sanlock_use_nfs' boolean should be set in the system configuration. Disable the sanlock_use_samba SELinux Boolean Ubuntu 22.04 The SELinux 'sanlock_use_samba' boolean should be set in the system configuration. Disable the saslauthd_read_shadow SELinux Boolean Ubuntu 22.04 The SELinux 'saslauthd_read_shadow' boolean should be set in the system configuration. Enable the secadm_exec_content SELinux Boolean Ubuntu 22.04 The SELinux 'secadm_exec_content' boolean should be set in the system configuration. Disable the secure_mode SELinux Boolean Ubuntu 22.04 The SELinux 'secure_mode' boolean should be set in the system configuration. Configure the secure_mode_insmod SELinux Boolean Ubuntu 22.04 The SELinux 'secure_mode_insmod' boolean should be set in the system configuration. Disable the secure_mode_policyload SELinux Boolean Ubuntu 22.04 The SELinux 'secure_mode_policyload' boolean should be set in the system configuration. Configure the selinuxuser_direct_dri_enabled SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_direct_dri_enabled' boolean should be set in the system configuration. Disable the selinuxuser_execheap SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_execheap' boolean should be set in the system configuration. Enable the selinuxuser_execmod SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_execmod' boolean should be set in the system configuration. Disable the selinuxuser_execstack SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_execstack' boolean should be set in the system configuration. Disable the selinuxuser_mysql_connect_enabled SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_mysql_connect_enabled' boolean should be set in the system configuration. Enable the selinuxuser_ping SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_ping' boolean should be set in the system configuration. Disable the selinuxuser_postgresql_connect_enabled SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_postgresql_connect_enabled' boolean should be set in the system configuration. Disable the selinuxuser_rw_noexattrfile SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_rw_noexattrfile' boolean should be set in the system configuration. Disable the selinuxuser_share_music SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_share_music' boolean should be set in the system configuration. Disable the selinuxuser_tcp_server SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_tcp_server' boolean should be set in the system configuration. Disable the selinuxuser_udp_server SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_udp_server' boolean should be set in the system configuration. Disable the selinuxuser_use_ssh_chroot SELinux Boolean Ubuntu 22.04 The SELinux 'selinuxuser_use_ssh_chroot' boolean should be set in the system configuration. Disable the sge_domain_can_network_connect SELinux Boolean Ubuntu 22.04 The SELinux 'sge_domain_can_network_connect' boolean should be set in the system configuration. Disable the sge_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'sge_use_nfs' boolean should be set in the system configuration. Disable the smartmon_3ware SELinux Boolean Ubuntu 22.04 The SELinux 'smartmon_3ware' boolean should be set in the system configuration. Disable the smbd_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'smbd_anon_write' boolean should be set in the system configuration. Disable the spamassassin_can_network SELinux Boolean Ubuntu 22.04 The SELinux 'spamassassin_can_network' boolean should be set in the system configuration. Enable the spamd_enable_home_dirs SELinux Boolean Ubuntu 22.04 The SELinux 'spamd_enable_home_dirs' boolean should be set in the system configuration. Disable the squid_connect_any SELinux Boolean Ubuntu 22.04 The SELinux 'squid_connect_any' boolean should be set in the system configuration. Disable the squid_use_tproxy SELinux Boolean Ubuntu 22.04 The SELinux 'squid_use_tproxy' boolean should be set in the system configuration. Disable the ssh_chroot_rw_homedirs SELinux Boolean Ubuntu 22.04 The SELinux 'ssh_chroot_rw_homedirs' boolean should be set in the system configuration. Disable the ssh_keysign SELinux Boolean Ubuntu 22.04 The SELinux 'ssh_keysign' boolean should be set in the system configuration. Disable the ssh_sysadm_login SELinux Boolean Ubuntu 22.04 The SELinux 'ssh_sysadm_login' boolean should be set in the system configuration. Enable the staff_exec_content SELinux Boolean Ubuntu 22.04 The SELinux 'staff_exec_content' boolean should be set in the system configuration. Disable the staff_use_svirt SELinux Boolean Ubuntu 22.04 The SELinux 'staff_use_svirt' boolean should be set in the system configuration. Disable the swift_can_network SELinux Boolean Ubuntu 22.04 The SELinux 'swift_can_network' boolean should be set in the system configuration. Enable the sysadm_exec_content SELinux Boolean Ubuntu 22.04 The SELinux 'sysadm_exec_content' boolean should be set in the system configuration. Disable the telepathy_connect_all_ports SELinux Boolean Ubuntu 22.04 The SELinux 'telepathy_connect_all_ports' boolean should be set in the system configuration. Disable the telepathy_tcp_connect_generic_network_ports SELinux Boolean Ubuntu 22.04 The SELinux 'telepathy_tcp_connect_generic_network_ports' boolean should be set in the system configuration. Disable the tftp_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'tftp_anon_write' boolean should be set in the system configuration. Disable the tftp_home_dir SELinux Boolean Ubuntu 22.04 The SELinux 'tftp_home_dir' boolean should be set in the system configuration. Disable the tmpreaper_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'tmpreaper_use_nfs' boolean should be set in the system configuration. Disable the tmpreaper_use_samba SELinux Boolean Ubuntu 22.04 The SELinux 'tmpreaper_use_samba' boolean should be set in the system configuration. Disable the tor_bind_all_unreserved_ports SELinux Boolean Ubuntu 22.04 The SELinux 'tor_bind_all_unreserved_ports' boolean should be set in the system configuration. Disable the tor_can_network_relay SELinux Boolean Ubuntu 22.04 The SELinux 'tor_can_network_relay' boolean should be set in the system configuration. Enable the unconfined_chrome_sandbox_transition SELinux Boolean Ubuntu 22.04 The SELinux 'unconfined_chrome_sandbox_transition' boolean should be set in the system configuration. Enable the unconfined_login SELinux Boolean Ubuntu 22.04 The SELinux 'unconfined_login' boolean should be set in the system configuration. Enable the unconfined_mozilla_plugin_transition SELinux Boolean Ubuntu 22.04 The SELinux 'unconfined_mozilla_plugin_transition' boolean should be set in the system configuration. Disable the unprivuser_use_svirt SELinux Boolean Ubuntu 22.04 The SELinux 'unprivuser_use_svirt' boolean should be set in the system configuration. Disable the use_ecryptfs_home_dirs SELinux Boolean Ubuntu 22.04 The SELinux 'use_ecryptfs_home_dirs' boolean should be set in the system configuration. Disable the use_fusefs_home_dirs SELinux Boolean Ubuntu 22.04 The SELinux 'use_fusefs_home_dirs' boolean should be set in the system configuration. Disable the use_lpd_server SELinux Boolean Ubuntu 22.04 The SELinux 'use_lpd_server' boolean should be set in the system configuration. Disable the use_nfs_home_dirs SELinux Boolean Ubuntu 22.04 The SELinux 'use_nfs_home_dirs' boolean should be set in the system configuration. Disable the use_samba_home_dirs SELinux Boolean Ubuntu 22.04 The SELinux 'use_samba_home_dirs' boolean should be set in the system configuration. Enable the user_exec_content SELinux Boolean Ubuntu 22.04 The SELinux 'user_exec_content' boolean should be set in the system configuration. Disable the varnishd_connect_any SELinux Boolean Ubuntu 22.04 The SELinux 'varnishd_connect_any' boolean should be set in the system configuration. Disable the virt_read_qemu_ga_data SELinux Boolean Ubuntu 22.04 The SELinux 'virt_read_qemu_ga_data' boolean should be set in the system configuration. Disable the virt_rw_qemu_ga_data SELinux Boolean Ubuntu 22.04 The SELinux 'virt_rw_qemu_ga_data' boolean should be set in the system configuration. Disable the virt_sandbox_use_all_caps SELinux Boolean Ubuntu 22.04 The SELinux 'virt_sandbox_use_all_caps' boolean should be set in the system configuration. Enable the virt_sandbox_use_audit SELinux Boolean Ubuntu 22.04 The SELinux 'virt_sandbox_use_audit' boolean should be set in the system configuration. Disable the virt_sandbox_use_mknod SELinux Boolean Ubuntu 22.04 The SELinux 'virt_sandbox_use_mknod' boolean should be set in the system configuration. Disable the virt_sandbox_use_netlink SELinux Boolean Ubuntu 22.04 The SELinux 'virt_sandbox_use_netlink' boolean should be set in the system configuration. Disable the virt_sandbox_use_sys_admin SELinux Boolean Ubuntu 22.04 The SELinux 'virt_sandbox_use_sys_admin' boolean should be set in the system configuration. Disable the virt_transition_userdomain SELinux Boolean Ubuntu 22.04 The SELinux 'virt_transition_userdomain' boolean should be set in the system configuration. Disable the virt_use_comm SELinux Boolean Ubuntu 22.04 The SELinux 'virt_use_comm' boolean should be set in the system configuration. Disable the virt_use_execmem SELinux Boolean Ubuntu 22.04 The SELinux 'virt_use_execmem' boolean should be set in the system configuration. Disable the virt_use_fusefs SELinux Boolean Ubuntu 22.04 The SELinux 'virt_use_fusefs' boolean should be set in the system configuration. Disable the virt_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'virt_use_nfs' boolean should be set in the system configuration. Disable the virt_use_rawip SELinux Boolean Ubuntu 22.04 The SELinux 'virt_use_rawip' boolean should be set in the system configuration. Disable the virt_use_samba SELinux Boolean Ubuntu 22.04 The SELinux 'virt_use_samba' boolean should be set in the system configuration. Disable the virt_use_sanlock SELinux Boolean Ubuntu 22.04 The SELinux 'virt_use_sanlock' boolean should be set in the system configuration. Disable the virt_use_usb SELinux Boolean Ubuntu 22.04 The SELinux 'virt_use_usb' boolean should be set in the system configuration. Disable the virt_use_xserver SELinux Boolean Ubuntu 22.04 The SELinux 'virt_use_xserver' boolean should be set in the system configuration. Disable the webadm_manage_user_files SELinux Boolean Ubuntu 22.04 The SELinux 'webadm_manage_user_files' boolean should be set in the system configuration. Disable the webadm_read_user_files SELinux Boolean Ubuntu 22.04 The SELinux 'webadm_read_user_files' boolean should be set in the system configuration. Disable the wine_mmap_zero_ignore SELinux Boolean Ubuntu 22.04 The SELinux 'wine_mmap_zero_ignore' boolean should be set in the system configuration. Disable the xdm_bind_vnc_tcp_port SELinux Boolean Ubuntu 22.04 The SELinux 'xdm_bind_vnc_tcp_port' boolean should be set in the system configuration. Disable the xdm_exec_bootloader SELinux Boolean Ubuntu 22.04 The SELinux 'xdm_exec_bootloader' boolean should be set in the system configuration. Disable the xdm_sysadm_login SELinux Boolean Ubuntu 22.04 The SELinux 'xdm_sysadm_login' boolean should be set in the system configuration. Disable the xdm_write_home SELinux Boolean Ubuntu 22.04 The SELinux 'xdm_write_home' boolean should be set in the system configuration. Disable the xen_use_nfs SELinux Boolean Ubuntu 22.04 The SELinux 'xen_use_nfs' boolean should be set in the system configuration. Enable the xend_run_blktap SELinux Boolean Ubuntu 22.04 The SELinux 'xend_run_blktap' boolean should be set in the system configuration. Enable the xend_run_qemu SELinux Boolean Ubuntu 22.04 The SELinux 'xend_run_qemu' boolean should be set in the system configuration. Disable the xguest_connect_network SELinux Boolean Ubuntu 22.04 The SELinux 'xguest_connect_network' boolean should be set in the system configuration. Disable the xguest_exec_content SELinux Boolean Ubuntu 22.04 The SELinux 'xguest_exec_content' boolean should be set in the system configuration. Disable the xguest_mount_media SELinux Boolean Ubuntu 22.04 The SELinux 'xguest_mount_media' boolean should be set in the system configuration. Disable the xguest_use_bluetooth SELinux Boolean Ubuntu 22.04 The SELinux 'xguest_use_bluetooth' boolean should be set in the system configuration. Disable the xserver_clients_write_xshm SELinux Boolean Ubuntu 22.04 The SELinux 'xserver_clients_write_xshm' boolean should be set in the system configuration. Disable the xserver_execmem SELinux Boolean Ubuntu 22.04 The SELinux 'xserver_execmem' boolean should be set in the system configuration. Disable the xserver_object_manager SELinux Boolean Ubuntu 22.04 The SELinux 'xserver_object_manager' boolean should be set in the system configuration. Disable the zabbix_can_network SELinux Boolean Ubuntu 22.04 The SELinux 'zabbix_can_network' boolean should be set in the system configuration. Disable the zarafa_setrlimit SELinux Boolean Ubuntu 22.04 The SELinux 'zarafa_setrlimit' boolean should be set in the system configuration. Disable the zebra_write_config SELinux Boolean Ubuntu 22.04 The SELinux 'zebra_write_config' boolean should be set in the system configuration. Disable the zoneminder_anon_write SELinux Boolean Ubuntu 22.04 The SELinux 'zoneminder_anon_write' boolean should be set in the system configuration. Disable the zoneminder_run_sudo SELinux Boolean Ubuntu 22.04 The SELinux 'zoneminder_run_sudo' boolean should be set in the system configuration. Configure SELinux Policy Ubuntu 22.04 Ensure 'SELINUXTYPE' is configured with value configured through XCCDF variable var_selinux_policy_name' in /etc/selinux/config Enable the SuSEfirewall 2 Ubuntu 22.04 The SuSEfirewall2 service should be enabled if possible. Disable Automatic Bug Reporting Tool (abrtd) Ubuntu 22.04 The abrtd service should be disabled. Disable Advanced Configuration and Power Interface (acpid) Ubuntu 22.04 The acpid service should be disabled. Disable Apport Service Ubuntu 22.04 The apport service should be disabled. Disable At Service (atd) Ubuntu 22.04 The atd service should be disabled. Enable auditd Service Ubuntu 22.04 The auditd service should be enabled if possible. Disable the Automounter Ubuntu 22.04 The autofs service should be disabled. Disable Avahi Server Software Ubuntu 22.04 The avahi-daemon service should be disabled. Disable Bluetooth Service Ubuntu 22.04 The bluetooth service should be disabled. Disable Certmonger Service (certmonger) Ubuntu 22.04 The certmonger service should be disabled. The Chronyd service is disabled Ubuntu 22.04 The chrony service should be disabled. The Chronyd service is enabled Ubuntu 22.04 The chrony service should be enabled if possible. Disable Cockpit Management Server Ubuntu 22.04 The cockpit service should be disabled. Disable CPU Speed (cpupower) Ubuntu 22.04 The cpupower service should be disabled. Enable cron Service Ubuntu 22.04 The cron service should be enabled if possible. Enable cron Service Ubuntu 22.04 The crond service should be enabled if possible. Disable the CUPS Service Ubuntu 22.04 The cups service should be disabled. Disable debug-shell SystemD Service Ubuntu 22.04 The debug-shell service should be disabled. Disable DHCPD6 Service Ubuntu 22.04 The dhcpd6 service should be disabled. Disable DHCP Service Ubuntu 22.04 The dhcpd service should be disabled. Disable dnsmasq Service Ubuntu 22.04 The dnsmasq service should be disabled. Enable the Docker service Ubuntu 22.04 The docker service should be enabled if possible. Disable Dovecot Service Ubuntu 22.04 The dovecot service should be disabled. Enable the File Access Policy Service Ubuntu 22.04 The fapolicyd service should be enabled if possible. Verify firewalld service disabled Ubuntu 22.04 The firewalld service should be disabled. Verify firewalld Enabled Ubuntu 22.04 The firewalld service should be enabled if possible. Disable apache2 Service Ubuntu 22.04 The apache2 service should be disabled. Verify ip6tables Enabled if Using IPv6 Ubuntu 22.04 The ip6tables service should be enabled if possible. Verify iptables Enabled Ubuntu 22.04 The iptables service should be enabled if possible. Disable KDump Kernel Crash Analyzer (kdump) Ubuntu 22.04 The kdump-tools service should be disabled. Disable Software RAID Monitor (mdmonitor) Ubuntu 22.04 The mdmonitor service should be disabled. Enable nails Service Ubuntu 22.04 The nails service should be enabled if possible. Disable named Service Ubuntu 22.04 The named service should be disabled. Disable Network Console (netconsole) Ubuntu 22.04 The netconsole service should be disabled. Disable Network File Systems (netfs) Ubuntu 22.04 The netfs service should be disabled. Disable Network File System (nfs) Ubuntu 22.04 The nfs-server service should be disabled. Disable Network File System Lock Service (nfslock) Ubuntu 22.04 The nfslock service should be disabled. Verify nftables Service is Disabled Ubuntu 22.04 The nftables service should be disabled. Verify nftables Service is Enabled Ubuntu 22.04 The nftables service should be enabled if possible. Disable nginx Service Ubuntu 22.04 The nginx service should be disabled. Enable the NTP Daemon Ubuntu 22.04 The ntp service should be enabled if possible. Enable the NTP Daemon Ubuntu 22.04 The ntpd service should be enabled if possible. Disable ntpdate Service (ntpdate) Ubuntu 22.04 The ntpdate service should be disabled. Disable Odd Job Daemon (oddjobd) Ubuntu 22.04 The oddjobd service should be disabled. Enable the pcscd Service Ubuntu 22.04 The pcscd service should be enabled if possible. Disable Portreserve (portreserve) Ubuntu 22.04 The portreserve service should be disabled. Enable Postfix Service Ubuntu 22.04 The postfix service should be enabled if possible. Enable Process Accounting (psacct) Ubuntu 22.04 The psacct service should be enabled if possible. Disable Apache Qpid (qpidd) Ubuntu 22.04 The qpidd service should be disabled. Disable Quota Netlink (quota_nld) Ubuntu 22.04 The quota_nld service should be disabled. Disable Network Router Discovery Daemon (rdisc) Ubuntu 22.04 The rdisc service should be disabled. Disable rexec Service Ubuntu 22.04 The rexec service should be disabled. Disable Red Hat Network Service (rhnsd) Ubuntu 22.04 The rhnsd service should be disabled. Disable Red Hat Subscription Manager Daemon (rhsmcertd) Ubuntu 22.04 The rhsmcertd service should be disabled. Disable rlogin Service Ubuntu 22.04 The rlogin service should be disabled. Enable the Hardware RNG Entropy Gatherer Service Ubuntu 22.04 The rngd service should be enabled if possible. Disable rpcbind Service Ubuntu 22.04 The rpcbind service should be disabled. Disable Secure RPC Client Service (rpcgssd) Ubuntu 22.04 The rpcgssd service should be disabled. Disable RPC ID Mapping Service (rpcidmapd) Ubuntu 22.04 The rpcidmapd service should be disabled. Disable Secure RPC Server Service (rpcsvcgssd) Ubuntu 22.04 The rpcsvcgssd service should be disabled. Disable rsh Service Ubuntu 22.04 The rsh service should be disabled. Ensure rsyncd service is disabled Ubuntu 22.04 The rsyncd service should be disabled. Enable rsyslog Service Ubuntu 22.04 The rsyslog service should be enabled if possible. Disable Cyrus SASL Authentication Daemon (saslauthd) Ubuntu 22.04 The saslauthd service should be disabled. Disable LDAP Server (slapd) Ubuntu 22.04 The slapd service should be disabled. Disable Samba Ubuntu 22.04 The smbd service should be disabled. Disable snmpd Service Ubuntu 22.04 The snmpd service should be disabled. Disable Squid Ubuntu 22.04 The squid service should be disabled. Disable SSH Server If Possible Ubuntu 22.04 The sshd service should be disabled. Enable the OpenSSH Service Ubuntu 22.04 The ssh service should be enabled if possible. Enable the SSSD Service Ubuntu 22.04 The sssd service should be enabled if possible. service_syslog_disabled Ubuntu 22.04 The syslog service should be disabled. Enable syslog-ng Service Ubuntu 22.04 The syslog-ng service should be enabled if possible. Disable System Statistics Reset Service (sysstat) Ubuntu 22.04 The sysstat service should be disabled. Disable acquiring, saving, and processing core dumps Ubuntu 22.04 Disable systemd-coredump.socket Enable systemd-journal-upload Service Ubuntu 22.04 The systemd-journal-upload service should be enabled if possible. Enable systemd-journald Service Ubuntu 22.04 The systemd-journald service should be enabled if possible. Disable telnet Service Ubuntu 22.04 The telnet service should be disabled. Disable tftpd-hpa Service Ubuntu 22.04 The tftpd-hpa service should be disabled. Disable systemd_timesyncd Service Ubuntu 22.04 The systemd-timesyncd service should be disabled. Enable systemd_timesyncd Service Ubuntu 22.04 The systemd-timesyncd service should be enabled if possible. Verify ufw Enabled Ubuntu 22.04 The ufw service should be enabled if possible. Enable the USBGuard Service Ubuntu 22.04 The usbguard service should be enabled if possible. Disable vsftpd Service Ubuntu 22.04 The vsftpd service should be disabled. Disable xinetd Service Ubuntu 22.04 The xinetd service should be disabled. Disable ypbind Service Ubuntu 22.04 The ypbind service should be disabled. Disable ypserv Service Ubuntu 22.04 The ypserv service should be disabled. Disable Quagga Service Ubuntu 22.04 The zebra service should be disabled. Set Default firewalld Zone for Incoming Packets Ubuntu 22.04 Check presence of DefaultZone=drop in /etc/firewalld/firewalld.conf Set PAM's Common Authentication Hashing Algorithm Ubuntu 22.04 Configure PAM module Set yescrypt Cost Factor in /etc/login.defs Ubuntu 22.04 Ensure 'YESCRYPT_COST_FACTOR' is configured with value configured through XCCDF variable var_password_yescrypt_cost_factor_login_defs' in /etc/login.defs Disable systemd-journal-remote Socket Ubuntu 22.04 Disable systemd-journal-remote.socket Allow Only SSH Protocol 2 Ubuntu 22.04 Ensure 'Protocol' is configured with value '2' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable Compression Or Set Compression to delayed Ubuntu 22.04 Ensure 'Compression' is configured with value configured in var_sshd_disable_compression variable in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable SSH Access via Empty Passwords Ubuntu 22.04 Ensure 'PermitEmptyPasswords' is configured with value 'no' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable SSH Forwarding Ubuntu 22.04 Ensure 'DisableForwarding' is configured with value 'yes' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable GSSAPI Authentication Ubuntu 22.04 Ensure 'GSSAPIAuthentication' is configured with value 'no' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable Kerberos Authentication Ubuntu 22.04 Ensure 'KerberosAuthentication' is configured with value 'no' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable PubkeyAuthentication Authentication Ubuntu 22.04 Ensure 'PubkeyAuthentication' is configured with value 'no' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable SSH Support for .rhosts Files Ubuntu 22.04 Ensure 'IgnoreRhosts' is configured with value 'yes' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable SSH Support for Rhosts RSA Authentication Ubuntu 22.04 Ensure 'RhostsRSAAuthentication' is configured with value 'no' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable SSH Root Login Ubuntu 22.04 Ensure 'PermitRootLogin' is configured with value 'no' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable SSH root Login with a Password (Insecure) Ubuntu 22.04 Ensure 'PermitRootLogin' is configured with value 'prohibit-password' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable SSH TCP Forwarding Ubuntu 22.04 Ensure 'AllowTcpForwarding' is configured with value 'no' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable SSH Support for User Known Hosts Ubuntu 22.04 Ensure 'IgnoreUserKnownHosts' is configured with value 'yes' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Disable X11 Forwarding Ubuntu 22.04 Ensure 'X11Forwarding' is configured with value 'no' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Do Not Allow SSH Environment Options Ubuntu 22.04 Ensure 'PermitUserEnvironment' is configured with value 'no' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Enable GSSAPI Authentication Ubuntu 22.04 Ensure 'GSSAPIAuthentication' is configured with value 'yes' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Enable PAM Ubuntu 22.04 Ensure 'UsePAM' is configured with value 'yes' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Enable Public Key Authentication Ubuntu 22.04 Ensure 'PubkeyAuthentication' is configured with value 'yes' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Enable Use of Strict Mode Checking Ubuntu 22.04 Ensure 'StrictModes' is configured with value 'yes' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Enable SSH Warning Banner Ubuntu 22.04 Ensure 'Banner' is configured with value '/etc/issue' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Enable SSH Warning Banner Ubuntu 22.04 Ensure 'Banner' is configured with value '/etc/issue.net' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Enable Encrypted X11 Forwarding Ubuntu 22.04 Ensure 'X11Forwarding' is configured with value 'yes' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d sshd_includes_config_files Ubuntu 22.04 Check presence of Include /etc/ssh/sshd_config.d/*.conf in /etc/ssh/sshd_config Enable SSH Print Last Log Ubuntu 22.04 Ensure 'PrintLastLog' is configured with value 'yes' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Set SSH Client Alive Count Max Ubuntu 22.04 Ensure 'ClientAliveCountMax' is configured with value configured in var_sshd_set_keepalive variable in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Set SSH Client Alive Count Max to zero Ubuntu 22.04 Ensure 'ClientAliveCountMax' is configured with value '0' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Set LogLevel to INFO Ubuntu 22.04 Ensure 'LogLevel' is configured with value 'INFO' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Set SSH Daemon LogLevel to VERBOSE Ubuntu 22.04 Ensure 'LogLevel' is configured with value 'VERBOSE' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Enable Use of Privilege Separation Ubuntu 22.04 Ensure 'UsePrivilegeSeparation' is configured with value configured in var_sshd_priv_separation variable in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d SSH server uses strong entropy to seed Ubuntu 22.04 Ensure 'SSH_USE_STRONG_RNG' is configured with value '32' in /etc/sysconfig/sshd Prevent remote hosts from connecting to the proxy display Ubuntu 22.04 Ensure 'X11UseLocalhost' is configured with value 'yes' in /etc/ssh/sshd_config or in /etc/ssh/sshd_config.d Enable Certmap in SSSD Ubuntu 22.04 Check presence of \[certmap\/.+\/.+\] in /etc/sssd/sssd.conf Ensure sudo Runs In A Minimal Environment - sudo env_reset Ubuntu 22.04 Checks sudoers Defaults env_reset configuration Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot Ubuntu 22.04 Checks sudoers Defaults ignore_dot configuration Ensure Privileged Escalated Commands Cannot Execute Other Commands - sudo NOEXEC Ubuntu 22.04 Checks sudoers Defaults noexec configuration Ensure sudo passwd_timeout is appropriate - sudo passwd_timeout Ubuntu 22.04 Checks sudoers Defaults passwd_timeout configuration Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo requiretty Ubuntu 22.04 Checks sudoers Defaults requiretty configuration Ensure sudo umask is appropriate - sudo umask Ubuntu 22.04 Checks sudoers Defaults umask configuration Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty Ubuntu 22.04 Checks sudoers Defaults use_pty configuration Ensure Sudo Logfile Exists - sudo logfile Ubuntu 22.04 Checks sudoers Defaults logfile configuration Ensure only owner and members of group owner of /usr/bin/sudo can execute it Ubuntu 22.04 This test makes sure that /usr/bin/sudo has mode 4110. If the target file or directory has an extended ACL, then it will fail the mode check. Enable Kernel Parameter to Enforce DAC on FIFOs Ubuntu 22.04 The 'fs.protected_fifos' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Enforce DAC on FIFOs Ubuntu 22.04 The kernel 'fs.protected_fifos' parameter should be set to 2 in the system runtime. Enable Kernel Parameter to Enforce DAC on FIFOs Ubuntu 22.04 The kernel 'fs.protected_fifos' parameter should be set to 2 in the system configuration. Enable Kernel Parameter to Enforce DAC on Hardlinks Ubuntu 22.04 The 'fs.protected_hardlinks' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Enforce DAC on Hardlinks Ubuntu 22.04 The kernel 'fs.protected_hardlinks' parameter should be set to 1 in the system runtime. Enable Kernel Parameter to Enforce DAC on Hardlinks Ubuntu 22.04 The kernel 'fs.protected_hardlinks' parameter should be set to 1 in the system configuration. Enable Kernel Parameter to Enforce DAC on Regular files Ubuntu 22.04 The 'fs.protected_regular' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Enforce DAC on Regular files Ubuntu 22.04 The kernel 'fs.protected_regular' parameter should be set to 2 in the system runtime. Enable Kernel Parameter to Enforce DAC on Regular files Ubuntu 22.04 The kernel 'fs.protected_regular' parameter should be set to 2 in the system configuration. Enable Kernel Parameter to Enforce DAC on Symlinks Ubuntu 22.04 The 'fs.protected_symlinks' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Enforce DAC on Symlinks Ubuntu 22.04 The kernel 'fs.protected_symlinks' parameter should be set to 1 in the system runtime. Enable Kernel Parameter to Enforce DAC on Symlinks Ubuntu 22.04 The kernel 'fs.protected_symlinks' parameter should be set to 1 in the system configuration. Disable Core Dumps for SUID programs Ubuntu 22.04 The 'fs.suid_dumpable' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Core Dumps for SUID programs Ubuntu 22.04 The kernel 'fs.suid_dumpable' parameter should be set to 0 in the system runtime. Disable Core Dumps for SUID programs Ubuntu 22.04 The kernel 'fs.suid_dumpable' parameter should be set to 0 in the system configuration. Disable storing core dumps Ubuntu 22.04 The 'kernel.core_pattern' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable storing core dumps Ubuntu 22.04 The kernel 'kernel.core_pattern' parameter should be set to |/bin/false in the system runtime. Disable storing core dumps Ubuntu 22.04 The kernel 'kernel.core_pattern' parameter should be set to |/bin/false in the system configuration. Configure file name of core dumps Ubuntu 22.04 The 'kernel.core_uses_pid' kernel parameter should be set to the appropriate value in system configuration and system runtime. Configure file name of core dumps Ubuntu 22.04 The kernel 'kernel.core_uses_pid' parameter should be set to 0 in the system runtime. Configure file name of core dumps Ubuntu 22.04 The kernel 'kernel.core_uses_pid' parameter should be set to 0 in the system configuration. Restrict Access to Kernel Message Buffer Ubuntu 22.04 The 'kernel.dmesg_restrict' kernel parameter should be set to the appropriate value in system configuration and system runtime. Restrict Access to Kernel Message Buffer Ubuntu 22.04 The kernel 'kernel.dmesg_restrict' parameter should be set to 1 in the system runtime. Restrict Access to Kernel Message Buffer Ubuntu 22.04 The kernel 'kernel.dmesg_restrict' parameter should be set to 1 in the system configuration. Disable Kernel Image Loading Ubuntu 22.04 The 'kernel.kexec_load_disabled' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Image Loading Ubuntu 22.04 The kernel 'kernel.kexec_load_disabled' parameter should be set to 1 in the system runtime. Disable Kernel Image Loading Ubuntu 22.04 The kernel 'kernel.kexec_load_disabled' parameter should be set to 1 in the system configuration. Restrict Exposed Kernel Pointer Addresses Access Ubuntu 22.04 The 'kernel.kptr_restrict' kernel parameter should be set to the appropriate value in system configuration and system runtime. Restrict Exposed Kernel Pointer Addresses Access Ubuntu 22.04 The kernel 'kernel.kptr_restrict' parameter should be set to the appropriate value in the system runtime. Restrict Exposed Kernel Pointer Addresses Access Ubuntu 22.04 The kernel 'kernel.kptr_restrict' parameter should be set to the appropriate value in the system configuration. Disable loading and unloading of kernel modules Ubuntu 22.04 The 'kernel.modules_disabled' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable loading and unloading of kernel modules Ubuntu 22.04 The kernel 'kernel.modules_disabled' parameter should be set to 1 in the system runtime. Disable loading and unloading of kernel modules Ubuntu 22.04 The kernel 'kernel.modules_disabled' parameter should be set to 1 in the system configuration. Kernel panic on oops Ubuntu 22.04 The 'kernel.panic_on_oops' kernel parameter should be set to the appropriate value in system configuration and system runtime. Kernel panic on oops Ubuntu 22.04 The kernel 'kernel.panic_on_oops' parameter should be set to 1 in the system runtime. Kernel panic on oops Ubuntu 22.04 The kernel 'kernel.panic_on_oops' parameter should be set to 1 in the system configuration. Limit CPU consumption of the Perf system Ubuntu 22.04 The 'kernel.perf_cpu_time_max_percent' kernel parameter should be set to the appropriate value in system configuration and system runtime. Limit CPU consumption of the Perf system Ubuntu 22.04 The kernel 'kernel.perf_cpu_time_max_percent' parameter should be set to 1 in the system runtime. Limit CPU consumption of the Perf system Ubuntu 22.04 The kernel 'kernel.perf_cpu_time_max_percent' parameter should be set to 1 in the system configuration. Limit sampling frequency of the Perf system Ubuntu 22.04 The 'kernel.perf_event_max_sample_rate' kernel parameter should be set to the appropriate value in system configuration and system runtime. Limit sampling frequency of the Perf system Ubuntu 22.04 The kernel 'kernel.perf_event_max_sample_rate' parameter should be set to 1 in the system runtime. Limit sampling frequency of the Perf system Ubuntu 22.04 The kernel 'kernel.perf_event_max_sample_rate' parameter should be set to 1 in the system configuration. Disallow kernel profiling by unprivileged users Ubuntu 22.04 The 'kernel.perf_event_paranoid' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disallow kernel profiling by unprivileged users Ubuntu 22.04 The kernel 'kernel.perf_event_paranoid' parameter should be set to 2 in the system runtime. Disallow kernel profiling by unprivileged users Ubuntu 22.04 The kernel 'kernel.perf_event_paranoid' parameter should be set to 2 in the system configuration. Configure maximum number of process identifiers Ubuntu 22.04 The 'kernel.pid_max' kernel parameter should be set to the appropriate value in system configuration and system runtime. Configure maximum number of process identifiers Ubuntu 22.04 The kernel 'kernel.pid_max' parameter should be set to 65536 in the system runtime. Configure maximum number of process identifiers Ubuntu 22.04 The kernel 'kernel.pid_max' parameter should be set to 65536 in the system configuration. Enable Randomized Layout of Virtual Address Space Ubuntu 22.04 The 'kernel.randomize_va_space' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Randomized Layout of Virtual Address Space Ubuntu 22.04 The kernel 'kernel.randomize_va_space' parameter should be set to 2 in the system runtime. Enable Randomized Layout of Virtual Address Space Ubuntu 22.04 The kernel 'kernel.randomize_va_space' parameter should be set to 2 in the system configuration. Disallow magic SysRq key Ubuntu 22.04 The 'kernel.sysrq' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disallow magic SysRq key Ubuntu 22.04 The kernel 'kernel.sysrq' parameter should be set to 0 in the system runtime. Disallow magic SysRq key Ubuntu 22.04 The kernel 'kernel.sysrq' parameter should be set to 0 in the system configuration. Disable Access to Network bpf() Syscall From Unprivileged Processes Ubuntu 22.04 The 'kernel.unprivileged_bpf_disabled' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Access to Network bpf() Syscall From Unprivileged Processes Ubuntu 22.04 The kernel 'kernel.unprivileged_bpf_disabled' parameter should be set to 1 in the system runtime. Disable Access to Network bpf() Syscall From Unprivileged Processes Ubuntu 22.04 The kernel 'kernel.unprivileged_bpf_disabled' parameter should be set to 1 in the system configuration. Disable Access to Network bpf() Syscall From Unprivileged Processes Ubuntu 22.04 The 'kernel.unprivileged_bpf_disabled' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Access to Network bpf() Syscall From Unprivileged Processes Ubuntu 22.04 The kernel 'kernel.unprivileged_bpf_disabled' parameter should be set to 1 or 2 in the system runtime. Disable Access to Network bpf() Syscall From Unprivileged Processes Ubuntu 22.04 The kernel 'kernel.unprivileged_bpf_disabled' parameter should be set to 1 or 2 in the system configuration. Restrict usage of ptrace to descendant processes Ubuntu 22.04 The 'kernel.yama.ptrace_scope' kernel parameter should be set to the appropriate value in system configuration and system runtime. Restrict usage of ptrace to descendant processes Ubuntu 22.04 The kernel 'kernel.yama.ptrace_scope' parameter should be set to 1 in the system runtime. Restrict usage of ptrace to descendant processes Ubuntu 22.04 The kernel 'kernel.yama.ptrace_scope' parameter should be set to 1 in the system configuration. Harden the operation of the BPF just-in-time compiler Ubuntu 22.04 The 'net.core.bpf_jit_harden' kernel parameter should be set to the appropriate value in system configuration and system runtime. Harden the operation of the BPF just-in-time compiler Ubuntu 22.04 The kernel 'net.core.bpf_jit_harden' parameter should be set to 2 in the system runtime. Harden the operation of the BPF just-in-time compiler Ubuntu 22.04 The kernel 'net.core.bpf_jit_harden' parameter should be set to 2 in the system configuration. Disable Accepting Packets Routed Between Local Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.accept_local' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Accepting Packets Routed Between Local Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.accept_local' parameter should be set to 0 in the system runtime. Disable Accepting Packets Routed Between Local Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.accept_local' parameter should be set to 0 in the system configuration. Disable Accepting ICMP Redirects for All IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.accept_redirects' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Accepting ICMP Redirects for All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.accept_redirects' parameter should be set to the appropriate value in the system runtime. Disable Accepting ICMP Redirects for All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.accept_redirects' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.accept_source_route' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.accept_source_route' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.accept_source_route' parameter should be set to the appropriate value in the system configuration. Configure ARP filtering for All IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.arp_filter' kernel parameter should be set to the appropriate value in system configuration and system runtime. Configure ARP filtering for All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.arp_filter' parameter should be set to the appropriate value in the system runtime. Configure ARP filtering for All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.arp_filter' parameter should be set to the appropriate value in the system configuration. Configure Response Mode of ARP Requests for All IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.arp_ignore' kernel parameter should be set to the appropriate value in system configuration and system runtime. Configure Response Mode of ARP Requests for All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.arp_ignore' parameter should be set to the appropriate value in the system runtime. Configure Response Mode of ARP Requests for All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.arp_ignore' parameter should be set to the appropriate value in the system configuration. Drop Gratuitous ARP frames on All IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.drop_gratuitous_arp' kernel parameter should be set to the appropriate value in system configuration and system runtime. Drop Gratuitous ARP frames on All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.drop_gratuitous_arp' parameter should be set to 1 in the system runtime. Drop Gratuitous ARP frames on All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.drop_gratuitous_arp' parameter should be set to 1 in the system configuration. Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.forwarding' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.forwarding' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.forwarding' parameter should be set to the appropriate value in the system configuration. Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.log_martians' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.log_martians' parameter should be set to the appropriate value in the system runtime. Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.log_martians' parameter should be set to the appropriate value in the system configuration. Prevent Routing External Traffic to Local Loopback on All IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.route_localnet' kernel parameter should be set to the appropriate value in system configuration and system runtime. Prevent Routing External Traffic to Local Loopback on All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.route_localnet' parameter should be set to 0 in the system runtime. Prevent Routing External Traffic to Local Loopback on All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.route_localnet' parameter should be set to 0 in the system configuration. Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.rp_filter' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.rp_filter' parameter should be set to the appropriate value in the system runtime. Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.rp_filter' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.secure_redirects' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.secure_redirects' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.secure_redirects' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.send_redirects' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.send_redirects' parameter should be set to 0 in the system runtime. Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.send_redirects' parameter should be set to 0 in the system configuration. Configure Sending and Accepting Shared Media Redirects for All IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.all.shared_media' kernel parameter should be set to the appropriate value in system configuration and system runtime. Configure Sending and Accepting Shared Media Redirects for All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.shared_media' parameter should be set to the appropriate value in the system runtime. Configure Sending and Accepting Shared Media Redirects for All IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.all.shared_media' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.conf.default.accept_redirects' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.default.accept_redirects' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.conf.default.accept_redirects' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default Ubuntu 22.04 The 'net.ipv4.conf.default.accept_source_route' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.accept_source_route' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.accept_source_route' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for IPv4 Forwarding By Default Ubuntu 22.04 The 'net.ipv4.conf.default.forwarding' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for IPv4 Forwarding By Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.forwarding' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for IPv4 Forwarding By Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.forwarding' parameter should be set to the appropriate value in the system configuration. Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default Ubuntu 22.04 The 'net.ipv4.conf.default.log_martians' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.log_martians' parameter should be set to the appropriate value in the system runtime. Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.log_martians' parameter should be set to the appropriate value in the system configuration. Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default Ubuntu 22.04 The 'net.ipv4.conf.default.rp_filter' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.rp_filter' parameter should be set to the appropriate value in the system runtime. Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.rp_filter' parameter should be set to the appropriate value in the system configuration. Configure Kernel Parameter for Accepting Secure Redirects By Default Ubuntu 22.04 The 'net.ipv4.conf.default.secure_redirects' kernel parameter should be set to the appropriate value in system configuration and system runtime. Configure Kernel Parameter for Accepting Secure Redirects By Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.secure_redirects' parameter should be set to the appropriate value in the system runtime. Configure Kernel Parameter for Accepting Secure Redirects By Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.secure_redirects' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default Ubuntu 22.04 The 'net.ipv4.conf.default.send_redirects' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.send_redirects' parameter should be set to 0 in the system runtime. Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.send_redirects' parameter should be set to 0 in the system configuration. Configure Sending and Accepting Shared Media Redirects by Default Ubuntu 22.04 The 'net.ipv4.conf.default.shared_media' kernel parameter should be set to the appropriate value in system configuration and system runtime. Configure Sending and Accepting Shared Media Redirects by Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.shared_media' parameter should be set to the appropriate value in the system runtime. Configure Sending and Accepting Shared Media Redirects by Default Ubuntu 22.04 The kernel 'net.ipv4.conf.default.shared_media' parameter should be set to the appropriate value in the system configuration. Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.icmp_echo_ignore_broadcasts' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.icmp_echo_ignore_broadcasts' parameter should be set to the appropriate value in the system runtime. Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.icmp_echo_ignore_broadcasts' parameter should be set to the appropriate value in the system configuration. Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.icmp_ignore_bogus_error_responses' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.icmp_ignore_bogus_error_responses' parameter should be set to the appropriate value in the system runtime. Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.icmp_ignore_bogus_error_responses' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.ip_forward' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.ip_forward' parameter should be set to 0 in the system runtime. Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.ip_forward' parameter should be set to 0 in the system configuration. Set Kernel Parameter to Increase Local Port Range Ubuntu 22.04 The 'net.ipv4.ip_local_port_range' kernel parameter should be set to the appropriate value in system configuration and system runtime. Set Kernel Parameter to Increase Local Port Range Ubuntu 22.04 The kernel 'net.ipv4.ip_local_port_range' parameter should be set to 32768 65535 in the system runtime. Set Kernel Parameter to Increase Local Port Range Ubuntu 22.04 The kernel 'net.ipv4.ip_local_port_range' parameter should be set to 32768 65535 in the system configuration. Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments Ubuntu 22.04 The 'net.ipv4.tcp_invalid_ratelimit' kernel parameter should be set to the appropriate value in system configuration and system runtime. Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments Ubuntu 22.04 The kernel 'net.ipv4.tcp_invalid_ratelimit' parameter should be set to the appropriate value in the system runtime. Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments Ubuntu 22.04 The kernel 'net.ipv4.tcp_invalid_ratelimit' parameter should be set to the appropriate value in the system configuration. Enable Kernel Parameter to Use TCP RFC 1337 on IPv4 Interfaces Ubuntu 22.04 The 'net.ipv4.tcp_rfc1337' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Use TCP RFC 1337 on IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.tcp_rfc1337' parameter should be set to the appropriate value in the system runtime. Enable Kernel Parameter to Use TCP RFC 1337 on IPv4 Interfaces Ubuntu 22.04 The kernel 'net.ipv4.tcp_rfc1337' parameter should be set to the appropriate value in the system configuration. Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces Ubuntu 22.04 The 'net.ipv4.tcp_syncookies' kernel parameter should be set to the appropriate value in system configuration and system runtime. Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces Ubuntu 22.04 The kernel 'net.ipv4.tcp_syncookies' parameter should be set to the appropriate value in the system runtime. Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces Ubuntu 22.04 The kernel 'net.ipv4.tcp_syncookies' parameter should be set to the appropriate value in the system configuration. Configure Accepting Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra' parameter should be set to the appropriate value in system configuration and system runtime. Configure Accepting Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra' parameter should be set to the appropriate value in the system runtime. Configure Accepting Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra' parameter should be set to the appropriate value in the system configuration. Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra_defrtr' parameter should be set to the appropriate value in system configuration and system runtime. Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra_defrtr' parameter should be set to the appropriate value in the system runtime. Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra_defrtr' parameter should be set to the appropriate value in the system configuration. Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra_pinfo' parameter should be set to the appropriate value in system configuration and system runtime. Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra_pinfo' parameter should be set to the appropriate value in the system runtime. Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra_pinfo' parameter should be set to the appropriate value in the system configuration. Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra_rtr_pref' parameter should be set to the appropriate value in system configuration and system runtime. Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra_rtr_pref' parameter should be set to the appropriate value in the system runtime. Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_ra_rtr_pref' parameter should be set to the appropriate value in the system configuration. Disable Accepting ICMP Redirects for All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_redirects' parameter should be set to the appropriate value in system configuration and system runtime. Disable Accepting ICMP Redirects for All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_redirects' parameter should be set to the appropriate value in the system runtime. Disable Accepting ICMP Redirects for All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_redirects' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_source_route' parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_source_route' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.accept_source_route' parameter should be set to the appropriate value in the system configuration. Configure Auto Configuration on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.autoconf' parameter should be set to the appropriate value in system configuration and system runtime. Configure Auto Configuration on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.autoconf' parameter should be set to the appropriate value in the system runtime. Configure Auto Configuration on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.autoconf' parameter should be set to the appropriate value in the system configuration. Disable IPv6 Addressing on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.disable_ipv6' parameter should be set to the appropriate value in system configuration and system runtime. Disable IPv6 Addressing on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.disable_ipv6' parameter should be set to 1 in the system runtime. Disable IPv6 Addressing on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.disable_ipv6' parameter should be set to 1 in the system configuration. Disable Kernel Parameter for IPv6 Forwarding Ubuntu 22.04 The kernel 'net.ipv6.conf.all.forwarding' parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for IPv6 Forwarding Ubuntu 22.04 The kernel 'net.ipv6.conf.all.forwarding' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for IPv6 Forwarding Ubuntu 22.04 The kernel 'net.ipv6.conf.all.forwarding' parameter should be set to the appropriate value in the system configuration. Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.max_addresses' parameter should be set to the appropriate value in system configuration and system runtime. Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.max_addresses' parameter should be set to the appropriate value in the system runtime. Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.max_addresses' parameter should be set to the appropriate value in the system configuration. Configure Denying Router Solicitations on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.router_solicitations' parameter should be set to the appropriate value in system configuration and system runtime. Configure Denying Router Solicitations on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.router_solicitations' parameter should be set to the appropriate value in the system runtime. Configure Denying Router Solicitations on All IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.all.router_solicitations' parameter should be set to the appropriate value in the system configuration. Disable Accepting Router Advertisements on all IPv6 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra' parameter should be set to the appropriate value in system configuration and system runtime. Disable Accepting Router Advertisements on all IPv6 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra' parameter should be set to the appropriate value in the system runtime. Disable Accepting Router Advertisements on all IPv6 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra' parameter should be set to the appropriate value in the system configuration. Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra_defrtr' parameter should be set to the appropriate value in system configuration and system runtime. Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra_defrtr' parameter should be set to the appropriate value in the system runtime. Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra_defrtr' parameter should be set to the appropriate value in the system configuration. Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra_pinfo' parameter should be set to the appropriate value in system configuration and system runtime. Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra_pinfo' parameter should be set to the appropriate value in the system runtime. Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra_pinfo' parameter should be set to the appropriate value in the system configuration. Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra_rtr_pref' parameter should be set to the appropriate value in system configuration and system runtime. Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra_rtr_pref' parameter should be set to the appropriate value in the system runtime. Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_ra_rtr_pref' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_redirects' parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_redirects' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_redirects' parameter should be set to the appropriate value in the system configuration. Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_source_route' parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_source_route' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.accept_source_route' parameter should be set to the appropriate value in the system configuration. Configure Auto Configuration on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.autoconf' parameter should be set to the appropriate value in system configuration and system runtime. Configure Auto Configuration on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.autoconf' parameter should be set to the appropriate value in the system runtime. Configure Auto Configuration on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.autoconf' parameter should be set to the appropriate value in the system configuration. Disable IPv6 Addressing on IPv6 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.disable_ipv6' parameter should be set to the appropriate value in system configuration and system runtime. Disable IPv6 Addressing on IPv6 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.disable_ipv6' parameter should be set to 1 in the system runtime. Disable IPv6 Addressing on IPv6 Interfaces by Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.disable_ipv6' parameter should be set to 1 in the system configuration. Disable Kernel Parameter for IPv6 Forwarding by default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.forwarding' parameter should be set to the appropriate value in system configuration and system runtime. Disable Kernel Parameter for IPv6 Forwarding by default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.forwarding' parameter should be set to the appropriate value in the system runtime. Disable Kernel Parameter for IPv6 Forwarding by default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.forwarding' parameter should be set to the appropriate value in the system configuration. Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.max_addresses' parameter should be set to the appropriate value in system configuration and system runtime. Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.max_addresses' parameter should be set to the appropriate value in the system runtime. Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.max_addresses' parameter should be set to the appropriate value in the system configuration. Configure Denying Router Solicitations on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.router_solicitations' parameter should be set to the appropriate value in system configuration and system runtime. Configure Denying Router Solicitations on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.router_solicitations' parameter should be set to the appropriate value in the system runtime. Configure Denying Router Solicitations on All IPv6 Interfaces By Default Ubuntu 22.04 The kernel 'net.ipv6.conf.default.router_solicitations' parameter should be set to the appropriate value in the system configuration. Disable the use of user namespaces Ubuntu 22.04 The 'user.max_user_namespaces' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable the use of user namespaces Ubuntu 22.04 The kernel 'user.max_user_namespaces' parameter should be set to 0 in the system runtime. Disable the use of user namespaces Ubuntu 22.04 The kernel 'user.max_user_namespaces' parameter should be set to 0 in the system configuration. Disable the use of user namespaces Ubuntu 22.04 The 'user.max_user_namespaces' kernel parameter should be set to the appropriate value in system configuration and system runtime. Disable the use of user namespaces Ubuntu 22.04 The kernel 'user.max_user_namespaces' parameter should be set to 0 in the system runtime. Disable the use of user namespaces Ubuntu 22.04 The kernel 'user.max_user_namespaces' parameter should be set to 0 in the system configuration. Prevent applications from mapping low portion of virtual memory Ubuntu 22.04 The 'vm.mmap_min_addr' kernel parameter should be set to the appropriate value in system configuration and system runtime. Prevent applications from mapping low portion of virtual memory Ubuntu 22.04 The kernel 'vm.mmap_min_addr' parameter should be set to 65536 in the system runtime. Prevent applications from mapping low portion of virtual memory Ubuntu 22.04 The kernel 'vm.mmap_min_addr' parameter should be set to 65536 in the system configuration. Ensure tmp.mount Unit Is Enabled Ubuntu 22.04 The tmp mount should be enabled if possible. Enable dnf-automatic Timer Ubuntu 22.04 The dnf-automatic timer should be enabled if possible. Enable logrotate Timer Ubuntu 22.04 The logrotate timer should be enabled if possible. Verify that 'use_mappers' is set to 'pwent' in PAM Ubuntu 22.04 Check presence of use_mappers = pwent in /etc/pam_pkcs11/pam_pkcs11.conf Check that vlock is installed to allow session locking Ubuntu 22.04 The DPKG package vlock should be installed. Enable Auditing to Start Prior to the Audit Daemon in zIPL Ubuntu 22.04 Ensure audit=1 option is configured in the 'options' line in /boot/loader/entries/*.conf. Make sure that newly installed kernels will retain this option, it should be configured in /etc/kernel/cmdline as well. Extend Audit Backlog Limit for the Audit Daemon in zIPL Ubuntu 22.04 Ensure audit_backlog_limit=8192 option is configured in the 'options' line in /boot/loader/entries/*.conf. Make sure that newly installed kernels will retain this option, it should be configured in /etc/kernel/cmdline as well. Configure kernel to zero out memory before allocation in zIPL Ubuntu 22.04 Ensure init_on_alloc=1 option is configured in the 'options' line in /boot/loader/entries/*.conf. Make sure that newly installed kernels will retain this option, it should be configured in /etc/kernel/cmdline as well. Enable randomization of the page allocator in zIPL Ubuntu 22.04 Ensure page_alloc.shuffle=1 option is configured in the 'options' line in /boot/loader/entries/*.conf. Make sure that newly installed kernels will retain this option, it should be configured in /etc/kernel/cmdline as well. Enable page allocator poisoning in zIPL Ubuntu 22.04 Ensure page_poison=1 option is configured in the 'options' line in /boot/loader/entries/*.conf. Make sure that newly installed kernels will retain this option, it should be configured in /etc/kernel/cmdline as well. Enable SLUB/SLAB allocator poisoning in zIPL Ubuntu 22.04 Ensure slub_debug=P option is configured in the 'options' line in /boot/loader/entries/*.conf. Make sure that newly installed kernels will retain this option, it should be configured in /etc/kernel/cmdline as well. Disable vsyscalls in zIPL Ubuntu 22.04 Ensure vsyscall=none option is configured in the 'options' line in /boot/loader/entries/*.conf. Make sure that newly installed kernels will retain this option, it should be configured in /etc/kernel/cmdline as well. Check pam_faillock Existence in system-auth Ubuntu 22.04 Check that pam_faillock.so exists in system-auth Check pam_pwquality Existence in system-auth Ubuntu 22.04 Check that pam_pwquality.so exists in system-auth Test if auditctl is in use for audit rules Ubuntu 22.04 Test if auditctl is in use for audit rules. Test if augenrules is enabled for audit rules Ubuntu 22.04 Test if augenrules is enabled for audit rules. Record Events that Modify the System's Network Environment Ubuntu 22.04 The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. Record Events that Modify the System's Network Environment Ubuntu 22.04 The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. 'log_file' Not Set In /etc/audit/auditd.conf Ubuntu 22.04 Verify 'log_file' is not set in /etc/audit/auditd.conf. 'log_group' Not Set To 'root' In /etc/audit/auditd.conf Ubuntu 22.04 Verify 'log_group' is not set to 'root' in /etc/audit/auditd.conf. Ubuntu 22.04 Bootable container or bootc system Verify GRUB_DISABLE_RECOVERY Set to true Ubuntu 22.04 GRUB_DISABLE_RECOVERY set to 'true' in /etc/default/grub Specify Multiple Remote chronyd NTP Servers for Time Data Ubuntu 22.04 Multiple chronyd NTP Servers for time synchronization should be specified. GRUB_CMDLINE_LINUX_DEFAULT existance check Ubuntu 22.04 Check if GRUB_CMDLINE_LINUX_DEFAULT exists in /etc/default/grub. Use $kernelopts in /boot/loader/entries/*.conf Ubuntu 22.04 Ensure that grubenv-defined kernel options are referenced in individual boot loader entries Amazon Linux 2023 Ubuntu 22.04 The operating system installed on the system is Amazon Linux 2023 AlmaLinux OS 9 Ubuntu 22.04 The operating system installed on the system is AlmaLinux OS 9 Anolis OS 23 Ubuntu 22.04 The operating system installed on the system is Anolis OS 23 CentOS Stream 10 Ubuntu 22.04 The operating system installed on the system is CentOS Stream 10 CentOS 8 Ubuntu 22.04 The operating system installed on the system is CentOS 8 CentOS Stream 9 Ubuntu 22.04 The operating system installed on the system is CentOS Stream 9 Debian Ubuntu 22.04 The operating system installed is a Debian System Installed operating system is Fedora Ubuntu 22.04 The operating system installed on the system is Fedora Kylin Server 10 Ubuntu 22.04 The operating system installed on the system is Kylin Server 10. OE Harden Ubuntu 22.04 The operating system installed is an OE Harden based System Ubuntu 22.04 Installed OS is OL Oracle Linux 10 Ubuntu 22.04 The operating system installed on the system is Oracle Linux 10 Oracle Linux 7 Ubuntu 22.04 The operating system installed on the system is Oracle Linux 7 Oracle Linux 8 Ubuntu 22.04 The operating system installed on the system is Oracle Linux 8 Oracle Linux 9 Ubuntu 22.04 The operating system installed on the system is Oracle Linux 9 OpenEmbedded Ubuntu 22.04 The operating system installed is an OpenEmbedded based system openEuler 22.03 LTS Ubuntu 22.04 The operating system installed on the system is openEuler 22.03 LTS. openSUSE Ubuntu 22.04 The operating system installed on the system is openSUSE. openSUSE Leap 15 Ubuntu 22.04 The operating system installed on the system is openSUSE Leap 15. openSUSE Leap 16 Ubuntu 22.04 The operating system installed on the system is openSUSE Leap 16. Installed operating system is part of the Unix family Ubuntu 22.04 The operating system installed on the system is part of the Unix OS family Petalinux Ubuntu 22.04 The operating system installed is a Petalinux based System Poky Ubuntu 22.04 The operating system installed is a Poky based System Red Hat Enterprise Linux CoreOS Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux CoreOS release 4 Red Hat Enterprise Linux CoreOS RHEL9 Based Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux CoreOS RHEL9 Based Ubuntu 22.04 Installed OS is RHEL Red Hat Enterprise Linux 10 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.0 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.0 Red Hat Enterprise Linux 8.1 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.1 Red Hat Enterprise Linux 8.2 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.2 Red Hat Enterprise Linux 8.3 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.3 Red Hat Enterprise Linux 8.4 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.4 Red Hat Enterprise Linux 8.5 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.5 Red Hat Enterprise Linux 8.6 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.6 Red Hat Enterprise Linux 8.7 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.7 Red Hat Enterprise Linux 8.8 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.8 Red Hat Enterprise Linux 8.9 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.9 Red Hat Enterprise Linux 8.10 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 8.10 Red Hat Enterprise Linux 9 Ubuntu 22.04 The operating system installed on the system is Red Hat Enterprise Linux 9 Red Hat Virtualization 4 Ubuntu 22.04 The operating system installed on the system is Red Hat Virtualization Host 4.4+ or Red Hat Enterprise Host. SUSE Linux Enterprise 12 Ubuntu 22.04 The operating system installed on the system is SUSE Linux Enterprise 12. SUSE Linux Enterprise 15 Ubuntu 22.04 The operating system installed on the system is SUSE Linux Enterprise 15. SUSE Linux Enterprise 16 Ubuntu 22.04 The operating system installed on the system is SUSE Linux Enterprise Server 16. SUSE Linux Enterprise Micro Ubuntu 22.04 The operating system installed on the system is SUSE Linux Enterprise Micro. SUSE Linux Enterprise Micro Ubuntu 22.04 The operating system installed on the system is SUSE Linux Micro. TencentOS Server 4 Ubuntu 22.04 The operating system installed on the system is TencentOS Server 4 Ubuntu Ubuntu 22.04 The operating system installed is an Ubuntu System Ubuntu 22.04 LTS Ubuntu 22.04 The operating system installed on the system is Ubuntu 22.04 LTS Ubuntu 24.04 LTS Ubuntu 22.04 The operating system installed on the system is Ubuntu 24.04 LTS System uses zIPL Ubuntu 22.04 Checks if system uses zIPL bootloader. Check if the scan target is a container Ubuntu 22.04 Check for presence of files characterizing container filesystems. Check if the environment is a OSBuild pipeline Ubuntu 22.04 Check the value of environment variable container. No CD/DVD drive is configured to automount in /etc/fstab Ubuntu 22.04 Check the /etc/fstab and check if a CD/DVD drive is not configured for automount. Device Files for Removable Media Partitions Does Not Exist on the System Ubuntu 22.04 Verify if device file representing removable partitions exist on the system SSHD is not required to be installed or requirement not set Ubuntu 22.04 If SSHD is not required, we check it is not installed. If SSH requirement is unset, we are good. SSHD is required to be installed or requirement not set Ubuntu 22.04 If SSHD is required, we check it is installed. If SSH requirement is unset, we are good. It doesn't matter if sshd is installed or not Ubuntu 22.04 Test if value sshd_required is 0. OpenSSH Server is 7.4 or newer Ubuntu 22.04 Check if version of OpenSSH Server is equal or higher than 7.4 Kernel Runtime Parameter IPv6 Check Ubuntu 22.04 Disables IPv6 for all network interfaces. Test for 64-bit Architecture Ubuntu 22.04 Generic test for 64-bit architectures to be used by other tests Test for aarch_64 Architecture Ubuntu 22.04 Generic test for aarch_64 architecture to be used by other tests Test for PPC and PPCLE Architecture Ubuntu 22.04 Generic test for PPC PPC64LE architecture to be used by other tests Test for s390_64 Architecture Ubuntu 22.04 Generic test for s390_64 architecture to be used by other tests Test for x86 Architecture Ubuntu 22.04 Generic test for x86 architecture to be used by other tests Test for x86_64 Architecture Ubuntu 22.04 Generic test for x86_64 architecture to be used by other tests Ubuntu 22.04 Check /etc/tmux.conf is readable by others Check that file storing USBGuard rules exists and is not empty Ubuntu 22.04 Check that file storing USBGuard rules at /etc/usbguard/rules.conf exists and is not empty Value of 'var_accounts_user_umask' variable represented as octal number Ubuntu 22.04 Value of 'var_accounts_user_umask' variable represented as octal number Value of 'var_removable_partition' variable is set to '/dev/cdrom' Ubuntu 22.04 Verify if value of 'var_removable_partition' variable is set to '/dev/cdrom' Value of 'var_umask_for_daemons' variable represented as octal number Ubuntu 22.04 Value of 'var_umask_for_daemons' variable represented as octal number ^/etc/audit/rules\.d/.*\.rules$ ^\-c\s*$ 1 /etc/audit/audit.rules ^\-c\s*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+task,never[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+task,never[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-e\s+2\s*$ 1 /etc/audit/audit.rules ^\-e\s+2\s*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\s*--loginuid-immutable\s*$ 1 /etc/audit/audit.rules ^\s*--loginuid-immutable\s*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/apparmor/[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/apparmor/[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/apparmor\.d/[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/apparmor\.d/[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/issue[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/issue[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/issue\.net[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/issue\.net[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/hosts[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/hosts[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/networks[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/networks[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/network/[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/network/[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w\s+/var/run/utmp\s+\-p\s+wa\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w\s+/var/log/btmp\s+\-p\s+wa\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w\s+/var/log/wtmp\s+\-p\s+wa\b.*$ 1 /etc/audit/audit.rules ^\-w\s+/var/run/utmp\s+\-p\s+wa\b.*$ 1 /etc/audit/audit.rules ^\-w\s+/var/log/btmp\s+\-p\s+wa\b.*$ 1 /etc/audit/audit.rules ^\-w\s+/var/log/wtmp\s+\-p\s+wa\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+-S[\s]+execve[\s]+-C[\s]+euid!=uid[\s]+-F[\s]+auid!=unset[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+-S[\s]+execve[\s]+-C[\s]+euid!=uid[\s]+-F[\s]+auid!=unset[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+-S[\s]+execve[\s]+-C[\s]+euid!=uid[\s]+-F[\s]+auid!=unset[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+-S[\s]+execve[\s]+-C[\s]+euid!=uid[\s]+-F[\s]+auid!=unset[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+-S[\s]+execve[\s]+-C[\s]+uid!=euid[\s]+-F[\s]+euid=0[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+-S[\s]+execve[\s]+-C[\s]+uid!=euid[\s]+-F[\s]+euid=0[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+-S[\s]+execve[\s]+-C[\s]+uid!=euid[\s]+-F[\s]+euid=0[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+-S[\s]+execve[\s]+-C[\s]+uid!=euid[\s]+-F[\s]+euid=0[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+-S[\s]+execve[\s]+-C[\s]+gid!=egid[\s]+-F[\s]+egid=0[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+-S[\s]+execve[\s]+-C[\s]+gid!=egid[\s]+-F[\s]+egid=0[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+-S[\s]+execve[\s]+-C[\s]+gid!=egid[\s]+-F[\s]+egid=0[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+-S[\s]+execve[\s]+-C[\s]+gid!=egid[\s]+-F[\s]+egid=0[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-f\s+(\d)\s*$ 1 /etc/audit/audit.rules ^\-f\s+(\d)\s*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/group[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/passwd[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/gshadow[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/shadow[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^\-w[\s]+/etc/security/opasswd[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/group[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/passwd[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/gshadow[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/shadow[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 /etc/audit/audit.rules ^\-w[\s]+/etc/security/opasswd[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+(?:-F[\s]+dir=/var/log/audit/)[\s]+(?:-F[\s]+perm=r)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+(?:-F[\s]+dir=/var/log/audit/)[\s]+(?:-F[\s]+perm=r)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+(?:-F[\s]+dir=/var/log/audit/)[\s]+(?:-F[\s]+perm=r)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+(?:-F[\s]+dir=/var/log/audit/)[\s]+(?:-F[\s]+perm=r)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /var/log/audit state_group_owner_not_root_var_log_audit_directories /var/log/audit state_group_owner_not_root_var_log_audit_directories-non_root state_group_owner_not_root_var_log_audit_directories state_owner_not_root_var_log_audit_directories /var/log/audit state_owner_not_root_var_log_audit_directories state_not_mode_0700 /var/log/audit state_not_mode_0700 /var/log/audit state_not_mode_0750 state_not_mode_0750 state_group_owner_not_root_var_log_audit /var/log/audit/audit.log state_group_owner_not_root_var_log_audit file_group_ownership_var_log_audit_stig_state_group_owner_not_root /var/log/audit/audit.log file_group_ownership_var_log_audit_stig_state_group_owner_not_root /var/log/audit state_owner_not_root_root_var_log_audit /var/log/audit ^.*$ state_owner_not_root_root_var_log_audit /var/log/audit state_owner_not_root_var_log_audit-non_root /var/log/audit ^.*$ state_owner_not_root_var_log_audit-non_root state_owner_not_root_var_log_audit /var/log/audit ^.*$ state_owner_not_root_var_log_audit state_not_mode_0600 /var/log/audit ^.*$ state_not_mode_0600 state_not_mode_0640 /var/log/audit ^.*$ state_not_mode_0640 ^.*$ state_file_permissions_var_log_audit_stig_not_mode_0600 /var/log/audit/ ^.*$ state_file_permissions_var_log_audit_stig_not_mode_0600 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+umount[\s]+|([\s]+|[,])umount([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+umount[\s]+|([\s]+|[,])umount([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^(?!/proc(/.*|$)).*$ state_audit_rules_privileged_commands_dev_partitons state_audit_rules_privileged_commands_nosuid_partitons state_audit_rules_privileged_commands_noexec_partitons ^\w+ state_setuid_or_setgid_set state_dracut_tmp_files / ^\w+ state_setuid_or_setgid_set state_dracut_tmp_files state_audit_rules_privileged_commands_sysroot var_audit_rules_privileged_commands_priv_cmds_count var_audit_rules_privileged_commands_priv_cmds_count_bootc ^/etc/audit/rules\.d/.*\.rules$ 1 state_unprivileged_commands ^/etc/audit/rules\.d/.*\.rules$ 1 state_unprivileged_commands_bootc /etc/audit/audit.rules 1 state_unprivileged_commands /etc/audit/audit.rules 1 state_unprivileged_commands_bootc ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-w[\s]+/sbin/fdisk[\s]+-p[\s]+x([\s]+-k[\s]+[\S]+)?[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-w[\s]+/sbin/fdisk[\s]+-p[\s]+x([\s]+-k[\s]+[\S]+)?[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-w[\s]+/sbin/insmod[\s]+-p[\s]+x\b.*$ 1 /etc/audit/audit.rules ^[\s]*-w[\s]+/sbin/insmod[\s]+-p[\s]+x\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-w[\s]+/bin/kmod[\s]+-p[\s]+x([\s]+-k[\s]+[\S]+)?[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-w[\s]+/bin/kmod[\s]+-p[\s]+x([\s]+-k[\s]+[\S]+)?[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/kmod(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/kmod(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-w[\s]+/sbin/modprobe[\s]+-p[\s]+x\b.*$ 1 /etc/audit/audit.rules ^[\s]*-w[\s]+/sbin/modprobe[\s]+-p[\s]+x\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-w[\s]+/sbin/rmmod[\s]+-p[\s]+x\b.*$ 1 /etc/audit/audit.rules ^[\s]*-w[\s]+/sbin/rmmod[\s]+-p[\s]+x\b.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+adjtimex[\s]+|([\s]+|[,])adjtimex([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64.*(-S[\s]+adjtimex[\s]+|([\s]+|[,])adjtimex([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+adjtimex[\s]+|([\s]+|[,])adjtimex([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64.*(-S[\s]+adjtimex[\s]+|([\s]+|[,])adjtimex([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+(-S[\s]+clock_settime[\s]+|([\s]+|[,])clock_settime([\s]+|[,]))-F[\s]+a0=(?:0x)?0[\s]+(?:-F[\s]+key=|-k[\s]+)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+(-S[\s]+clock_settime[\s]+|([\s]+|[,])clock_settime([\s]+|[,]))-F[\s]+a0=(?:0x)?0[\s]+(?:-F[\s]+key=|-k[\s]+)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+(-S[\s]+clock_settime[\s]+|([\s]+|[,])clock_settime([\s]+|[,]))-F[\s]+a0=(?:0x)?0[\s]+(?:-F[\s]+key=|-k[\s]+)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+(-S[\s]+clock_settime[\s]+|([\s]+|[,])clock_settime([\s]+|[,]))-F[\s]+a0=(?:0x)?0[\s]+(?:-F[\s]+key=|-k[\s]+)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+settimeofday[\s]+|([\s]+|[,])settimeofday([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64.*(-S[\s]+settimeofday[\s]+|([\s]+|[,])settimeofday([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+settimeofday[\s]+|([\s]+|[,])settimeofday([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64.*(-S[\s]+settimeofday[\s]+|([\s]+|[,])settimeofday([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+stime[\s]+|([\s]+|[,])stime([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+stime[\s]+|([\s]+|[,])stime([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audisp-remote.conf ^[ ]*(?i)remote_server(?-i)[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/plugins.d/au-remote.conf ^[ ]*(?i)active(?-i)[ ]+=[ ]+(yes)[ ]*$ 1 /etc/audit/audisp-remote.conf ^[ ]*disk_full_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/audisp-remote.conf ^[ ]*enable_krb5[ ]+=[ ]+yes[ ]*$ 1 /etc/audit/audisp-remote.conf ^[ ]*network_failure_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/plugins.d/syslog.conf ^[ ]*active[ ]+=[ ]+yes[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*disk_error_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*disk_error_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*disk_full_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*disk_full_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*action_mail_acct[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*admin_space_left_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/auditd.conf ^[\s]*admin_space_left[\s]+=[\s]+(\d+)%[\s]*$ 1 /etc/audit/auditd.conf ^[ ]*flush[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*max_log_file[ ]+=[ ]+(\d+)[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*max_log_file_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*max_log_file_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*num_logs[ ]+=[ ]+(\d+)[ ]*$ 1 /etc/audit/auditd.conf ^[\s]*space_left[\s]+=[\s]+(\d+)[\s]*$ 1 /etc/audit/auditd.conf ^[ ]*space_left_action[ ]+=[ ]+(\S+)[ ]*$ 1 /etc/audit/auditd.conf ^[\s]*space_left[\s]+=[\s]+(\d+)%[\s]*$ 1 /etc/audit/auditd.conf ^[ \t]*(?i)name_format(?-i)[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 /etc/cron.weekly/audit-offload ^.*$ 1 /etc/audit/auditd.conf ^[ \t]*(?i)overflow_action(?-i)[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 /etc/audit/rules.d/10-base-config.rules (?:.*\n)* 1 ^/usr/share/doc/audit(?:-\d.\d.\d)?/rules/10-base-config.rules (?:.*\n)* 1 /etc/audit/rules.d/11-loginuid.rules (?:.*\n)* 1 ^/usr/share/doc/audit(?:-\d.\d.\d)?/rules/11-loginuid.rules (?:.*\n)* 1 /etc/audit/rules.d/30-ospp-v42.rules (?:.*\n)* 1 ^/usr/share/doc/audit(?:-\d.\d.\d)?/rules/30-ospp-v42.rules (?:.*\n)* 1 /etc/audit/rules.d/43-module-load.rules (?:.*\n)* 1 ^/usr/share/doc/audit(?:-\d.\d.\d)?/rules/43-module-load.rules (?:.*\n)* 1 /etc/apt/apt.conf(\.d/.*)?$ ^[^#]*(?i)AllowUnauthenticated(?-i)(.*)$ 1 ^/etc/apt/sources(.d\/[a-zA-Z0-9]+){0,1}.list$ ^deb[\s]+http://[a-z\.]+\.debian\.org/debian[\s]+[a-z]+[\s]+main 1 ^/etc/apt/sources(.d\/[a-zA-Z0-9]+){0,1}.list$ ^deb[\s]+http://security\.debian\.org/debian-security[\s]+[a-z]+/updates[\s]+main 1 /etc/sysconfig/network-scripts ifcfg-.* ^[\s]*BOOTPROTO[\s]*=[\s"]*([^#"\s]*) 1 /etc/fapolicyd/compiled.rules ^\s*deny\s*perm=any\s*all\s*:\s*all\s*\z 1 /etc/fapolicyd/fapolicyd.rules ^\s*deny\s*perm=any\s*all\s*:\s*all\s*\z 1 /etc/fapolicyd/fapolicyd.conf ^\s*permissive\s*=\s*(\d+) 1 /etc/vsftpd/vsftpd.conf ^[\s]*xferlog_enable[\s]*=[\s]*YES$ 1 /etc/vsftpd/vsftpd.conf ^[\s]*xferlog_std_format[\s]*=[\s]*NO$ 1 /etc/vsftpd/vsftpd.conf ^[\s]*log_ftp_protocol[\s]*=[\s]*YES$ 1 /etc/vsftpd/vsftpd.conf ^[\s]*banner_file=/etc/issue[\s]*$ 1 /etc/httpd/conf /var/log/httpd /etc/httpd/conf.d/ ^.*$ /etc/httpd/conf ^.*$ /etc/httpd/conf.modules.d/ ^.*$ /etc/dovecot/conf.d/10-auth.conf ^[\s]*disable_plaintext_auth[\s]*=[\s]*yes[\s]*$ 1 /etc/dovecot/conf.d/10-ssl.conf ^[\s]*ssl[\s]*=[\s]*(yes|required)[\s]*$ 1 ^/etc/.+\.keytab$ /etc/sysconfig/authconfig ^[\s]*USELDAPAUTH=yes[\s]*$ 1 /etc/nslcd.conf ^[\s]*ssl[\s]+start_tls[\s]*$ 1 /etc/nslcd.conf ^[\s]*tls_cacertdir[\s]+/etc/pki/tls/CA$ 1 /etc/nslcd.conf ^[\s]*tls_cacertfile[\s]+/etc/pki/tls/CA/.*\.(pem|crt)$ 1 tcp 127.0.0.1 25 ste_not_port_25 ste_not_on_localhost tcp 127.0.0.1 465 ste_not_port_465 ste_not_on_localhost tcp 127.0.0.1 587 ste_not_port_587 ste_not_on_localhost /etc/aliases ^(?:[rR][oO][oO][tT]|"[rR][oO][oO][tT]")\s*:\s*(.+)$ 1 /etc/aliases ^(?i)postmaster\s*:\s*(.+)$ 1 /etc/postfix/main.cf ^[\s]*inet_interfaces[\s]*=[\s]*(.*)[\s]*$ 1 /etc/postfix/main.cf ^[\s]*smtpd_banner[\s]*=[\s]*\$myhostname[\s]+ESMTP[\s]*$ 1 /etc/postfix/main.cf ^[ \t]*smtpd_client_restrictions = (.+?)[ \t]*(?:$|#) 1 ^/etc/postfix/main.cf /etc/exports ^(.*?(\binsecure_locks\b)[^$]*)$ 1 /etc/exports ^\/.*\((\S+)\)$ 0 /etc/exports ^\/.*$ 0 ^(/etc/chrony/chrony\.conf|/etc/chrony/conf\.d/.+\.conf)$ ^(?:server|pool|peer)[\s]+[\S]+[\s]+(.*) 1 /etc/chrony/chrony.conf ^\s*port[\s]+(\S+) 1 /etc/chrony/chrony.conf 1 /etc/chrony/chrony.conf 1 /etc/chrony/chrony.conf ^\s*cmdport[\s]+(\S+) 1 /etc/ntp.conf ^server[\s]+[\S]+.*maxpoll[\s]+(\d+) 1 ^(/etc/chrony/chrony\.conf|/etc/chrony/conf\.d/.+\.conf)$ ^(?:server|pool|peer)[\s]+[\S]+.*maxpoll[\s]+(\d+) 1 /etc/ntp.conf ^server[\s]+[\S]+[\s]+(.*) 1 ^(/etc/chrony/chrony\.conf|/etc/chrony/conf\.d/.+\.conf)$ ^(?:server|pool|peer)[\s]+[\S]+[\s]+(.*) 1 /etc/chrony/chrony.conf ^[ \t]*user[[:space:]](.+?)[ \t]*(?:$|#) 1 /etc/chrony/chrony.conf ^[ \t]*user[[:space:]] 1 ^(/etc/chrony/chrony\.conf|/etc/chrony/conf\.d/.+\.conf)$ ^[\s]*server.*$ 1 ^(/etc/chrony/chrony\.conf|/etc/chrony/conf\.d/.+\.conf)$ ^[\s]+pool.*$ 1 var_chronyd_config_servers ^(/etc/chrony/chrony.conf|/etc/chrony/conf.d/.+\.conf)$ ^\s*server\s+(\S+)\b.*$ 1 /etc/nsswitch.conf ^\s*group:\s+(.*)$ 1 nss-altfiles /etc/chrony.keys state_file_groupowner_etc_chrony_keys_uid_chrony state_file_groupowner_etc_chrony_keys_gid_chrony /etc/group ^chrony:[\w!]+:(\w+):.* 1 /etc/chrony.keys state_file_groupowner_etc_chrony_keys_uid_chrony state_file_groupowner_etc_chrony_keys_gid_chrony_with_usrlib object_file_groupowner_etc_chrony_keys_etc_group object_file_groupowner_etc_chrony_keys_usr_lib_group /usr/lib/group ^chrony:[\w!]+:(\w+):.* 1 ^(chrony|systemd-timesyncd).service$ ActiveState ste_ntp_single_service_active_timesync_services var_ntp_single_service_active_timesync_active_count /etc/ntp.conf ^[\s]*restrict[\s]+(-4[\s]*)?default(?=.*kod)(?=.*nomodify)(?=.*notrap)(?=.*nopeer)(?=.*noquery).*$ 1 /etc/ntp.conf ^[\s]*restrict[\s]+-6[\s]+default(?=.*kod)(?=.*nomodify)(?=.*notrap)(?=.*nopeer)(?=.*noquery).*$ 1 /etc/sysconfig/ntpd ^[\s]*OPTIONS=.*-u ntp:ntp.*$ 1 /usr/lib/systemd/system/ntpd.service ^[\s]*ExecStart=.*-u ntp:ntp.*$ 1 /etc/ntp.conf ^([\s]*server[\s]+.+$){2,}$ 1 /etc/ntp.conf ^[\s]*server[\s]+.+$ 1 /etc/systemd/timesyncd.conf 1 /etc/systemd/timesyncd.conf.d ^.*\.conf$ 1 /etc/systemd/timesyncd.d ^.*\.conf$ ^\s*RootDistanceMax=\d+ 1 /etc/systemd/timesyncd.conf ^\s*RootDistanceMax=\d+ 1 /etc/hosts.deny ^[ \t]*ALL:[ \t]+(.+?)[ \t]*(?:$|#) 1 ^/etc/hosts.deny /etc/nsswitch.conf ^\w+\s+(\w+\s+)*nis($|\s+.*$) 1 / shosts.equiv /root ^\.rhosts$ /home ^\.rhosts$ /etc ^hosts\.equiv$ / .shosts /etc/systemd/system/tftp.service.d .*\.conf$ ^\s*ExecStart=\s*(?:.*\n)*?(\s*ExecStart=.+)$ 1 /usr/lib/systemd/system/tftp.service ^\s*ExecStart\s*=\s*/\S+\s+-s\s+(/\S+).*$ 1 /etc/xinetd.d/tftp ^[\s]*server_args[\s]+=[\s]+.*?-s[\s]+([/\.\w]+).*$ 1 /etc/cups/cupsd.conf ^[\s]*Browsing[\s]+(?:Off|No) 1 /etc/cups/cupsd.conf ^[\s]*BrowseAllow[\s]+(?:none) 1 /etc/cups/cupsd.conf ^[\s]*Port[\s]+(\d)+ 1 /etc/cups/cupsd.conf ^[\s]*Listen[\s]+(?:localhost|127\.0\.0\.1|::1):(\d)+ 1 /etc/fstab ^[\s]*[\S]+[\s]+[\S]+[\s]+cifs[\s]+([\S]+) 1 /etc/mtab ^[\s]*[\S]+[\s]+[\S]+[\s]+cifs[\s]+([\S]+) 1 /etc/samba/smb.conf ^[\s]*client[\s]+signing[\s]*=[\s]*mandatory 1 /etc/snmp/snmpd.conf ^((?!#).)*(public|private).* 1 /etc/snmp/snmpd.conf ^[\s]*(com2se|rocommunity|rwcommunity) 1 /etc/ssh .*_key$ exclude_symlinks__sshd_private_key filter_ssh_key_owner_root /etc/firewalld/services ^.*\.xml$ /service/service[@name='ssh'] /etc/firewalld/services ^.*\.xml$ /service/port[@port='22'] /etc/firewalld/zones ^.*\.xml$ /zone/service[@name='ssh'] /etc/firewalld/zones ^.*\.xml$ /zone/port[@port='22'] /etc/ssh/ssh_config ^[\s]*RekeyLimit.*$ 1 ^/etc/ssh/ssh_config\.d/.*\.conf$ 1 /etc/ssh/ssh_config ^[ \t]*(?i)ciphers(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/ssh_config.d .*\.conf$ ^[ \t]*(?i)ciphers(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_ssh_client_use_approved_ciphers_ordered_stig obj_ssh_client_use_approved_ciphers_ordered_stig_config_dir /etc/profile.d/cc-ssh-strong-rng.csh ^[\s]*setenv[\s]+SSH_USE_STRONG_RNG[\s]+([\d]+)$ 1 /etc/profile ^[\s]*setenv[\s]+SSH_USE_STRONG_RNG.*$ 1 /etc/profile.d/cc-ssh-strong-rng.sh ^[\s]*export[\s]+SSH_USE_STRONG_RNG=([\d]+)$ 1 /etc/profile ^[\s]*export[\s]+SSH_USE_STRONG_RNG=.*$ 1 /etc/ssh/ssh_config ^[ \t]*(?i)MACs(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/ssh_config.d .*\.conf$ ^[ \t]*(?i)MACs(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_ssh_use_approved_macs_ordered_stig obj_ssh_use_approved_macs_ordered_stig_config_dir /usr/lib/firewalld/zones /zone/service[@name='ssh'] /etc/firewalld/zones var_firewalld_sshd_port_enabled_custom_zone_files_with_ssh_count /etc/firewalld/zones ^.*\.xml$ /zone/service[@name='ssh'] /etc/firewalld/zones ^.*\.xml$ /usr/lib/firewalld/services/ssh.xml /service/port[@port='22'] /etc/firewalld/services/ssh.xml <port.*port="(\d+)" 1 /etc/ssh/sshd_config ^[ \t]*(?i)Include(?-i)[ \t]+/etc/ssh/sshd_config\.d/\*.conf$ 1 /etc/ssh/(sshd_config|sshd_config\.d/.*\.conf) ^[ \t]*(?i)Include(?-i)[ \t]+/etc/crypto-policies/back-ends/opensshserver\.config$ 1 ^\/etc\/ssh\/sshd_config.*$ (?i)^[ ]*AllowUsers[ ]+((?:[^ \n]+[ ]*)+)$ 1 ^/etc/ssh/sshd_config.*$ (?i)^[ ]*AllowGroups[ ]+((?:[^ \n]+[ ]*)+)$ 1 ^/etc/ssh/sshd_config.*$ (?i)^[ ]*DenyUsers[ ]+((?:[^ \n]+[ ]*)+)$ 1 ^/etc/ssh/sshd_config.*$ (?i)^[ ]*DenyGroups[ ]+((?:[^ \n]+[ ]*)+)$ 1 /etc/ssh/sshd_config ^[\s]*RekeyLimit[\s]+(.*)$ 1 /etc/ssh/sshd_config.d .*\.conf$ ^[\s]*RekeyLimit[\s]+(.*)$ 1 /etc/ssh/sshd_config ^[\s]*(?i)ClientAliveInterval[\s]+(\d+)[\s]*(?:#.*)?$ 1 /etc/ssh/sshd_config.d .*\.conf$ ^[\s]*(?i)ClientAliveInterval[\s]+(\d+)[\s]*(?:#.*)?$ 1 object_sshd_idle_timeout object_sshd_idle_timeout_config_dir /etc/ssh/sshd_config ^[\s]*(?i)LoginGraceTime[\s]+(\d+)[\s]*(?:#.*)?$ 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)LoginGraceTime(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 object_sshd_login_grace_time obj_sshd_set_login_grace_time_config_dir /etc/ssh/sshd_config ^[\s]*(?i)MaxAuthTries[\s]+(\d+)[\s]*(?:#.*)?$ 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)MaxAuthTries(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 object_sshd_max_auth_tries obj_sshd_set_max_auth_tries_config_dir /etc/ssh/sshd_config ^[\s]*(?i)MaxSessions[\s]+(\d+)[\s]*(?:#.*)?$ 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)MaxSessions(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 object_sshd_max_sessions obj_sshd_set_max_sessions_config_dir /etc/(ssh|ssh/sshd_config.d) (sshd_config|.*\.conf)$ (?i)^\s*MaxStartups\s+(\d+):\d+:\d+\s*$ 1 /etc/(ssh|ssh/sshd_config.d) (sshd_config|.*\.conf)$ (?i)^\s*MaxStartups\s+\d+:(\d+):\d+\s*$ 1 /etc/(ssh|ssh/sshd_config.d) (sshd_config|.*\.conf)$ (?i)^\s*MaxStartups\s+\d+:\d+:(\d+)\s*$ 1 var_sshd_config_ciphers /etc/ssh/sshd_config ^[\s]*(?i)Ciphers(?-i)[\s]+([\w,-@]+)+[\s]*(?:#.*)?$ 1 /etc/ssh/sshd_config ^[ \t]*(?i)ciphers(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)ciphers(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_use_approved_ciphers_ordered_stig obj_sshd_use_approved_ciphers_ordered_stig_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)KexAlgorithms(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)KexAlgorithms(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_use_approved_kex_ordered_stig obj_sshd_use_approved_kex_ordered_stig_config_dir var_sshd_config_macs /etc/ssh/sshd_config ^[\s]*(?i)MACs(?-i)[\s]+([\w,-@]+)+[\s]*(?:#.*)?$ 1 /etc/ssh/sshd_config ^[ \t]*(?i)MACs(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)MACs(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_use_approved_macs_ordered_stig obj_sshd_use_approved_macs_ordered_stig_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)match(?-i)\s+\S+ 1 /etc/ssh/sshd_config ^[ \t]*(?i)Ciphers(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)Ciphers(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_use_strong_ciphers obj_sshd_use_strong_ciphers_config_dir var_sshd_config_kex /etc/ssh/sshd_config ^[\s]*(?i)KexAlgorithms(?-i)[\s]+([\w,-@]+)+[\s]*(?:#.*)?$ 1 var_sshd_config_kex_config_dir /etc/ssh/sshd_config.d .*\.conf$ ^[\s]*(?i)KexAlgorithms(?-i)[\s]+([\w,-@]+)+[\s]*(?:#.*)?$ 1 obj_sshd_config_kex obj_sshd_config_kex_config_dir var_sshd_config_strong_macs /etc/ssh/sshd_config ^[\s]*(?i)MACs(?-i)[\s]+([\w,-@]+)+[\s]*(?:#.*)?$ 1 var_sshd_config_macs_config_dir /etc/ssh/sshd_config.d .*\.conf$ ^[\s]*(?i)MACs(?-i)[\s]+([\w,-@]+)+[\s]*(?:#.*)?$ 1 obj_sshd_config_strong_macs obj_sshd_config_macs_config_dir ^/etc/sssd/(sssd|conf\.d/.*)\.conf$ ^[\s]*\[sssd](?:[^\n\[]*\n+)+?[\s]*certificate_verification\s*=\s*ocsp_dgst=(\w+)$ 1 ^/etc/sssd/sssd.conf$ ^[\s]*\[domain\/.*](?:[^\n\[]*\n+)+?[\s]*certificate_verification\s*=\s*([\w,]+)$ 1 ^/etc/sssd/(sssd|conf\.d/.*)\.conf$ ^\s*\[sssd\].*(?:\n\s*[^[\s].*)*\n\s*services[ \t]*=[ \t]*(.*)$ 1 /etc/sssd/(sssd\.conf|conf.d/[^/]+\.conf) ^[\s]*\[pam](?:[^\n\[]*\n+)+?[\s]*pam_cert_auth[\s]*=[\s]*(\w+)\s*$ 1 /etc/sssd/sssd.conf ^[\s]*\[[^\n\[\]]+\](?:[^\n\[]*\n+)+?[\s]*ldap_user_certificate\s*=\s*([\w;]+)$ 1 /etc/sssd/sssd.conf ^[\s]*\[nss](?:[^\n\[]*\n+)+?[\s]*memcache_timeout[\s]*=[\s]*(\d+)$ 1 ^\/etc\/sssd\/(sssd.conf|conf\.d\/.+\.conf)$ ^[\s]*\[pam](?:[^\n\[]*\n+)+?[\s]*offline_credentials_expiration[\s]*=[\s]*(\d+)\s*(?:#.*)?$ 1 ^/etc/sssd/(sssd|conf\.d/.*)\.conf$ ^\s*\[sssd\].*(?:\n\s*[^[\s].*)*\n\s*user[ \t]*=[ \t]*(\S*) 1 /etc/sssd/sssd.conf ^[\s]*\[ssh](?:[^\n\[]*\n+)+?[\s]*ssh_known_hosts_timeout[\s]*=[\s]*(\d+)$ 1 /etc/sssd/(sssd\.conf|conf.d/[^/]+\.conf) ^[\s]*\[domain\/[^]]*](?:[^\n[\]]*\n+)+?[\s]*ldap_tls_cacertdir[\s]+=[\s]+([^\s]+)[\s]*$ 1 ^\/etc\/sssd\/(sssd.conf|conf\.d\/.+\.conf)$ ^[\s]*\[domain\/[^]]*](?:[^\n\[\]]*\n+)+?[\s]*ldap_tls_reqcert[ \t]*=[ \t]*(\w+)[ \t]*$ 1 ^\/etc\/sssd\/(sssd.conf|conf\.d\/.+\.conf)$ ^[\s]*\[domain\/[^]]*](?:[^\n\[\]]*\n+)+?[\s]*ldap_id_use_start_tls[ \t]*=[ \t]*((?i)\w+)[ \t]*$ 1 xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils xorg-x11-server-Xwayland /etc/systemd/system/default.target /etc/pam.d/system-auth /etc/pam.d/password-auth /etc/pam.d/fingerprint-auth /etc/pam.d/password-auth /etc/pam.d/postlogin /etc/pam.d/smartcard-auth /etc/pam.d/system-auth ^/etc/issue(\.d/.*)?$ ^(.*)$ 1 ^/etc/issue\.net$ ^(.*)$ 1 /etc/motd /etc/motd ^(.*)$ 1 /etc/profile.d/ssh_confirm.sh /etc/profile.d/ssh_confirm.sh ^(.*)$ 1 /etc/gdm/banner 1 /etc/gdm/banner /etc/dconf/db/gdm.d/ ^.*$ ^\[org/gnome/login-screen\]([^\n]*\n+)+?banner-message-enable=true$ 1 /etc/dconf/db/gdm.d/locks/ ^.*$ ^/org/gnome/login-screen/banner-message-enable$ 1 /etc/gdm3/greeter.dconf-defaults ^\[org/gnome/login-screen\]([^\n]*\n+)+?banner-message-enable=true$ 1 /etc/dconf/db/gdm.d/ ^.*$ ^banner-message-text=\s*'([^']*)'$ 1 /etc/gdm3/greeter.dconf-defaults ^banner-message-text=\s*'([^']*)'$ 1 /etc/gdm/Xsession /etc/gdm/Xsession \A#!/bin/sh\n(# BEGIN ANSIBLE MANAGED BLOCK\n)?\s*if ! zenity --text-info(\\\n|(?!\n)\s)+--title "Consent"(\\\n|(?!\n)\s)+--filename=/etc/gdm/banner(\\\n|(?!\n)\s)+--no-markup(\\\n|(?!\n)\s)+--checkbox="Accept." 10 10; then\s+sleep 1[;\n]\s*exit 1[;\n]\s*fi(# END ANSIBLE MANAGED BLOCK\n)?\s 1 /etc/pam.d/common-auth ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=\d+\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so.*$ 1 /etc/pam.d/common-account ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=\d+\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so.*$ 1 /etc/pam.d/common-password ^[\s]*password[\s]+(required|\[(?=.*?\bsuccess=\d+\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so.*$ 1 /etc/pam.d/common-session ^[\s]*session[\s]+(required|\[(?=.*?\bsuccess=\d+\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so.*$ 1 /etc/pam.d/sudo ^.*pam_succeed_if.*$ 1 /etc/pam.d/login ^\s*session\s+.*\s+pam_lastlog.so\b(?!.*\ssilent\s).*\sshowfailed\s.*$ 1 /etc/pam.d/login ^\s*session\s+required\s+pam_namespace\.so\s*$ 1 ^/etc/pam.d/password-auth$ ^[\s]*auth\N+pam_unix\.so 1 ^/etc/pam.d/password-auth$ 1 ^/etc/pam.d/password-auth$ 1 ^/etc/pam.d/system-auth$ ^[\s]*auth\N+pam_unix\.so 1 ^/etc/pam.d/system-auth$ 1 ^/etc/pam.d/system-auth$ 1 /etc/pam.d/password-auth|/etc/pam.d/system-auth|/etc/security/faillock.conf ^\s*(?:auth.*pam_faillock\.so.*)?dir\s*=\s*(\S+) 1 var_account_password_selinux_faillock_dir_collector /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/security/faillock.conf ^\s*audit 1 /etc/pam.d/common-password ^[\s]*password[\s]+((?:\[success=\d+\s+default=ignore\])|(?:requisite)|(?:required))[\s]+pam_pwhistory\.so[\s]+.*$ 1 /etc/pam.d/common-password 1 /etc/pam.d/common-password ^[ \t]*password[ \t]+(?:(?:sufficient)|(?:required)|(?:requisite)|(?:\[.*\]))[ \t]+pam_pwhistory\.so[ \t]+[^#\n\r]*\benforce_for_root\b.*$ 1 /etc/pam.d/common-password 1 /etc/pam.d/common-password ^[ \t]*password[ \t]+(?:(?:sufficient)|(?:required)|(?:requisite)|(?:\[.*\]))[ \t]+pam_pwhistory\.so[ \t]+[^#\n\r]*\bremember=([0-9]*)\b.*$ 1 /etc/pam.d/password-auth 1 /etc/pam.d/password-auth 1 ^/etc/security/pwhistory.conf$ 1 /etc/pam.d/system-auth 1 /etc/pam.d/system-auth 1 ^/etc/security/pwhistory.conf$ 1 /etc/pam.d/common-password ^[^#\n\r]*password[ \t]+.*pam_pwhistory\.so.*$ 1 accounts_password_pam_pwhistory_use_authtok_obj_use_authtok_password_lines_except_first_common-password accounts_password_pam_pwhistory_use_authtok_ste_use_authtok_pam_pwhistory_lines /etc/pam.d/common-password ^[ \t]*password[ \t]+(.+)$ 2 /etc/pam.d/common-password ^[ \t]*password[ \t]+[^#\n\r]+[ \t]+pam_unix\.so.*$ 1 obj_accounts_password_pam_unix_authtok_password_lines_not_initial_common-password ste_accounts_password_pam_unix_authtok_pam_unix_lines /etc/pam.d/common-password ^[ \t]*password[ \t]+(.+)$ 2 /etc/pam.d/common-password 1 /etc/pam.d/common-password 1 ^/etc/security/pwhistory.conf$ 1 /etc/pam.d/common-password ^\s*password\s+(?:(?:sufficient)|(?:required)|(?:\[.*\]))\s+pam_unix\.so.*remember=([0-9]*).*$ 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-account 1 /etc/pam.d/common-auth 1 /etc/security/faillock.conf 1 ^/etc/pam.d/system-auth$ 1 ^/etc/pam.d/password-auth$ 1 ^/etc/pam.d/system-auth$ 1 ^/etc/pam.d/system-auth$ 1 ^/etc/pam.d/password-auth$ 1 ^/etc/pam.d/password-auth$ 1 ^/etc/pam.d/system-auth$ 1 ^/etc/pam.d/password-auth$ 1 ^/etc/security/faillock.conf$ 1 /etc/pam.d/system-auth 1 state_pam_faillock_dir_parameter_not_default_value /etc/pam.d/password-auth 1 state_pam_faillock_dir_parameter_not_default_value /etc/pam.d/system-auth 1 var_faillock_dir_set_both_preauth_authfail_system_auth var_faillock_dir_set_both_preauth_authfail_password_auth /etc/security/faillock.conf 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-account 1 ^/etc/pam.d/system-auth$ 1 ^/etc/pam.d/password-auth$ 1 ^/etc/pam.d/system-auth$ 1 ^/etc/pam.d/system-auth$ 1 ^/etc/pam.d/password-auth$ 1 ^/etc/pam.d/password-auth$ 1 ^/etc/security/faillock.conf$ 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-account 1 /etc/pam.d/common-auth 1 /etc/security/faillock.conf 1 /etc/pam.d/system-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-account 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-auth 1 /etc/security/faillock.conf 1 /etc/pam.d/common-auth ^\s*auth(?:(?!\n)\s)+required(?:(?!\n)\s)+pam_tally2.so(?:(?!\n)\s)+(?:(?:(?:(?!\n)\s)?[^\n]+)?onerr=fail(?:(?:(?!\n)\s)+[^\n]+)?(?:(?!\n)\s)+deny=(\d+)(?:(?:\s+\S+)*\s*$))|(?:(?:(?:(?!\n)\s)?[^\n]+)?deny=(\d+)(?:(?:(?!\n)\s)+[^\n]+)?(?:(?!\n)\s)+onerr=fail(?:(?:\s+\S+)*\s*$)) 1 /etc/pam.d/common-account ^\s*account(?:(?!\n)\s)+required(?:(?!\n)\s)+pam_tally2.so(\s|$) 1 /etc/pam.d/login ^\s*auth(?:(?!\n)\s)+required(?:(?!\n)\s)+pam_tally2.so(?:(?!\n)\s)+(?:(?:(?:(?!\n)\s)?[^\n]+)?even_deny_root(?:(?:\s+\S+)*\s*$)) 1 /etc/pam.d/login ^\s*auth(?:(?!\n)\s)+required(?:(?!\n)\s)+pam_tally2.so(?:(?!\n)\s)+(?:(?:(?:(?!\n)\s)?[^\n]+)?deny=(\d+)(?:(?:\s+\S+)*\s*$)) 1 /etc/pam.d/common-account ^\s*account(?:(?!\n)\s)+required(?:(?!\n)\s)+pam_tally2.so(\s|$) 1 /var/log/tallylog /etc/pam.d/login ^\s*auth\s+required\s+pam_tally2\.so\s+[^\n]*unlock_time=([0-9]+)[\s+\S+]*\s*\\*$ 1 /etc/pam.d/common-account ^\s*account(?:(?!\n)\s)+required(?:(?!\n)\s)+pam_tally2.so(\s|$) 1 /etc/pam.d/passwd ^[\s]*password[\s]+substack[\s]+system-auth.*$ 1 ^/etc/security/pwquality.conf$ ^enforce_for_root$ 1 /etc/pam.d/common-password ^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_pwquality\.so.*$ 1 /etc/pam.d/password-auth ^password[\s]*requisite[\s]*pam_pwquality\.so 1 /etc/pam.d/system-auth ^password[\s]*requisite[\s]*pam_pwquality\.so 1 /etc/pam.d/common-password ^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_pwquality\.so.*retry=([0-9]*).*$ 1 /etc/security/pwquality.conf ^[\s]*retry[\s]*=[\s]*(\d+)(?:[\s]|$) 1 /etc/pam.d/common-password ^[\s]*password[\s]+(?:\[success=\d+\s+default=ignore\])[\s]+pam_unix\.so[\s]+(?!.*\b(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt)\b[^#]*\b(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt)\b)[^#]*\b(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt)\b.*$ 1 /etc/libuser.conf ^[\s]*crypt_style[\s]*=[\s]*(\w*)[\s]*$ 1 /etc/login.defs .*\n[^#]*(ENCRYPT_METHOD\s+\w+)\s*\n 1 variable_last_encrypt_method_instance_value /etc/pam.d/password-auth ^[\s]*password[\s]+(?:(?:required)|(?:sufficient))[\s]+pam_unix\.so[\s]+(?!.*(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt).*(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt)).*(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt).*$ 1 /etc/pam.d/common-password ^[\s]*password[\s]+(?:\[success=\d+\s+default=ignore\])[\s]+pam_unix\.so[\s]+(?!.*\b(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt)\b[^#]*\b(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt)\b)[^#]*\b(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt)\b.*$ 1 /etc/login.defs ^\s*SHA_CRYPT_MIN_ROUNDS\s* 1 /etc/login.defs ^\s*SHA_CRYPT_MIN_ROUNDS\s+(\d+)\s*$ 1 /etc/login.defs ^\s*SHA_CRYPT_MAX_ROUNDS\s* 1 /etc/login.defs ^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\s*$ 1 local_var_password_hashing_min_rounds_login_defs ^/etc/systemd/system.conf(\.d/.*\.conf)?$ ^[\s]*CtrlAltDelBurstAction[\s]*=[\s]*none$ 1 /etc/systemd/system/ctrl-alt-del.target /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(?:.*\s)?systemd\.confirm_spawn(?:=(?:1|yes|true|on))?(?:\s.*)?"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT=".*systemd\.confirm_spawn=(?:1|yes|true|on).*$ 1 /etc/systemd/logind.conf ^\s*\[Login\].*(?:\n\s*[^[\s].*)*\n^\s*StopIdleSessionSec[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 ^/etc/systemd/logind.conf /usr/lib/systemd/system/emergency.service ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" 1 /usr/lib/systemd/system/emergency.target ^Requires=.*emergency\.service 1 /etc/systemd/system ^emergency.service$ /etc/systemd/system ^emergency.target$ /etc/systemd/system/emergency.service.d ^.*\.conf$ /usr/lib/systemd/system/rescue.service ^ExecStart\s?=\s?\-?(.*)$ 1 /etc/systemd/system/rescue.service.d ^.*\.conf$ ^.*ExecStart\s?=\s+.*ExecStart\s?=\s?\-?(.*)$ 1 /usr/lib/systemd/system/runlevel1.target ^Requires=.*rescue\.service 1 /usr/lib/systemd/system/rescue.target ^Requires=.*rescue\.service 1 /etc/systemd/system ^rescue.service$ /etc/systemd/system ^runlevel1.target$ ^/etc/bashrc$|^/etc/profile\.d/.*$ if \[ "\$PS1" \]; then\n\s+parent=\$\(ps -o ppid= -p \$\$\)\n\s+name=\$\(ps -o comm= -p \$parent\)\n\s+case "\$name" in \(?sshd\|login\) exec tmux ;; esac\nfi 1 ^/etc/bashrc$|^/etc/profile\.d/.*$ if \[ "\$PS1" \]; then\n\s+parent=\$\(ps -o ppid= -p \$\$\)\n\s+name=\$\(ps -o comm= -p \$parent\)\n\s+case "\$name" in \(?sshd\|login\) tmux ;; esac\nfi 1 /etc/tmux.conf ^\s*set\s+-g\s+lock-after-time\s+(\d+)\s*(?:#.*)?$ 1 /etc/tmux.conf ^\s*set\s+-g\s+lock-command\s+vlock\s*(?:#.*)?$ 1 /etc/tmux.conf ^\s*bind\s+[a-zA-Z]\s+lock-session(?:#.*)?$ 1 /etc/shells tmux\s*$ 1 ^/etc/opensc.*\.conf$ ^[\s]+card_drivers[\s]+=[\s]+(\S+);$ 1 ^/etc/opensc.*\.conf$ ^[\s]+force_card_driver[\s]+=[\s]+(\S+);$ 1 /etc/pam_pkcs11/pam_pkcs11.conf ^[\s]*cert_policy[ ]=(.*)$ 1 /etc/pam.d/system-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/smartcard-auth 1 /etc/pam_pkcs11/pam_pkcs11.conf ^[\s]*cert_policy[ ]=\s*(.*);$ 1 /etc/pam_pkcs11/pam_pkcs11.conf ^[\s]*cert_policy[ ]=(.*)$ 1 /etc/pam_pkcs11/pam_pkcs11.conf ^[\s]*cert_policy[ ]=\s*(.*);$ 1 /etc/pam.d/common-auth ^\s*auth\s+\[.*\]\s+pam_pkcs11.so(?:\s|$) 1 .* variable_count_of_all_uids /etc/passwd ^([a-zA-Z0-9_.-]+?): 1 state_default_os_user /etc/group ^.+:.+:(\d+):.*$ 1 variable_count_of_all_group_ids /etc/group ^(.+):.+ 1 variable_count_of_all_group_names /etc/shells ^[^#]*/nologin\b.*$ 1 /etc/pam.d/password-auth ^auth\s*(?:required|requisite)\s*pam_lastlog\.so[^#]*inactive=(\d+)[\s\S]*^\s*auth\s*sufficient\s*pam_unix\.so 1 /etc/pam.d/system-auth ^auth\s*(?:required|requisite)\s*pam_lastlog\.so[^#]*inactive=(\d+)[\s\S]*^\s*auth\s*sufficient\s*pam_unix\.so 1 /etc/default/useradd ^\s*INACTIVE\s*=\s*(\d+)\s*$ 1 /etc/passwd ^([^:]+):.*$ 1 variable_count_of_all_usernames_from_etc_passwd /etc/group ^shadow:.*:.*:(.*)$ 1 /etc/passwd 1 /etc/login.defs ^(?:.*\n)*\s*[^#]*(PASS_MAX_DAYS\s+\d+)\s*\n 1 variable_last_pass_max_days_instance_value /etc/login.defs .*\n[^#]*(PASS_MIN_DAYS\s+\d+)\s*\n 1 variable_last_pass_min_days_instance_value /etc/login.defs .*\n[^#]*(PASS_MIN_LEN\s+\d+)\s*\n 1 variable_last_pass_min_len_instance_value /etc/shadow ^(?:[^:]*:)(?:[^\!\*:]*:)(?:[^:]*:){2}(\d+):(?:[^:]*:){3}(?:[^:]*)$ 1 /etc/shadow ^(?:[^:]*:)(?:[^\!\*:]*:)(?:[^:]*:){2}(\d+):(?:[^:]*:){3}(?:[^:]*)$ 1 /etc/shadow ^(?:[^:]*:)(?:[^\!\*:]+:)(?:[^:]*:){2}():(?:[^:]*:){3}(?:[^:]*)$ 1 root /etc/shadow ^(?:[^:]*:)(?:[^\!\*:]*:)(?:[^:]*:)(\d+):(?:[^:]*:){4}(?:[^:]*)$ 1 /etc/shadow ^(?:[^:]*:)(?:[^\!\*:]*:)(?:[^:]*:)(\d+):(?:[^:]*:){4}(?:[^:]*)$ 1 /etc/shadow ^(?:[^:]*:)(?:[^\!\*:]+:)(?:[^:]*:)():(?:[^:]*:){4}(?:[^:]*)$ 1 /etc/shadow ^(?:[^:]*:)(?:[^\!\*:]*:)(?:[^:]*:){3}(\d+):(?:[^:]*:){2}(?:[^:]*)$ 1 /etc/shadow ^(?:[^:]*:)(?:[^\!\*:]*:)(?:[^:]*:){3}(\d+):(?:[^:]*:){2}(?:[^:]*)$ 1 /etc/login.defs .*\n[^#]*(PASS_WARN_AGE\s+\d+)\s*\n 1 variable_last_pass_warn_age_instance_value /etc/shadow ^(?:[^:]*:)(?:[^\!\*:]*:)(?:[^:]*:){4}(\d+):(?:[^:]*:)(?:[^:]*)$ 1 /etc/shadow ^(?:[^:]*:)(?:[^\!\*:]*:)(?:[^:]*:){4}(\d+):(?:[^:]*:)(?:[^:]*)$ 1 .* .* state_accounts_password_all_shadowed_has_no_password state_accounts_password_all_shadowed_has_locked_password state_accounts_password_all_shadowed_sha512 .* state_accounts_password_all_chage_past_has_no_password var_accounts_password_last_change_is_in_past_time_diff ^/etc/pam.d/common-(password|auth|account|session|session-noninteractive)$ ^\s*password\s+(?:(?:sufficient)|(?:required)|(?:\[.*\]))\s+pam_unix\.so[^#]+\bremember=\d+\b.*$ 1 ^/etc/pam.d/password-auth$ ^\s*password\s+(?:(?:sufficient)|(?:required))\s+pam_unix\.so[^#]*rounds=([0-9]*).*$ 1 ^/etc/pam.d/system-auth$ ^\s*password\s+(?:(?:sufficient)|(?:required))\s+pam_unix\.so.*rounds=([0-9]*).*$ 1 /etc/group ^[^:]+:[^:]+:([0-9]+): 1 /etc/passwd ^[^:]+:[^:]+:[0-9]+:([0-9]+): 1 /etc/passwd ^.*?:[^:]*:([^:]*):.*$ 1 var_num_duplicate_uids_in_etc_passwd ^/etc/pam.d/common-password ^[^#]*\bnullok\b.*$ 1 /etc/shadow ^[^:]+::.*$ 1 ^/etc/pam.d/common-(password|auth|account|session|session-noninteractive)$ ^[^#]*\bnullok\b.*$ 1 object_no_forward_files_objects_others .* state_no_forward_files_users_uids state_no_forward_files_users_ignored state_no_forward_files_users_nologin_shell \.forward$ /etc/group ^\+.*$ 1 /etc/passwd ^\+.*$ 1 /etc/shadow ^\+.*$ 1 /home ^\.netrc$ /home ^\.rhost$ /etc/passwd ^(?!root:)[^:]*:[^:]*:0 1 /etc/passwd ^root:.+:\d+:(\d+).+ 1 /etc/passwd ^(?!\b(root|sync|shutdown|halt|operator)\b).+:.+:\d+:0:.+$ 1 /etc/group 1 /etc/shadow ^root:(\$(y|[0-9].+)\$).*$ 1 /etc/shadow ^root:\$(y|[0-9].+)\$.*$ 1 /etc/group ^(?!root:)[^:]*:[^:]*:0 1 /etc/securetty ^.*$ 1 /etc/securetty ^$ 1 /etc/shells ^\/[^\n\r]*$ 1 filter_no_invalid_shell_accounts_unlocked_not_valid_shell /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d+:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_no_invalid_shell_accounts_unlocked_users_ignored state_no_invalid_shell_accounts_unlocked_locked_accounts /etc/shadow ^([^:]*):(?:[ \t\n\r\:\;\*\!\\]*):(?:[^:]*:){6}$ 1 .* state_no_password_auth_for_systemaccounts_users_uids state_no_password_auth_for_systemaccounts_users_ignored filter_no_password_auth_for_systemaccounts_no_passwords_or_locked_accounts /etc/login.defs .*(?:^|\n)\s*(UID_MIN[\s]+[\d]+)\s*(?:$|\n) 1 /etc/login.defs .*(?:^|\n)\s*(SYS_UID_MIN[\s]+[\d]+)\s*(?:$|\n) 1 /etc/login.defs .*(?:^|\n)\s*(SYS_UID_MAX[\s]+[\d]+)\s*(?:$|\n) 1 /etc/passwd ^(?!root).*:x:([\d]+):[\d]+:[^:]*:[^:]*:(?!\/usr\/sbin\/nologin|\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt|\/bin\/false|\/usr\/bin\/false).*$ 1 /etc/shadow ^root:([^:]*):(?:[^:]*:){6}(?:[^:]*)$ 1 /etc/securetty ^ttyS[0-9]+$ 1 /etc/pam.d/login ^\s*auth(?:(?!\n)\s)+required(?:(?!\n)\s)+pam_securetty.so\s+noconsole 1 /etc/securetty ^vc/[0-9]+$ 1 /etc/pam.d/su ^[\s]*auth[\s]+required[\s]+pam_wheel\.so[\s]+\buse_uid\b 1 /etc/pam.d/su ^\s*auth\s+required\s+pam_wheel\.so\s+(?=[^#]*\buse_uid\b)[^#]*\bgroup=([_a-z][-0-9_a-z]*) 1 /etc/login.defs ^[\s]*(?i)CREATE_HOME(?-i)[\s]+yes[\s]*(?:#.*)?$ 1 /etc/login.defs ^[\s]*(?i)FAIL_DELAY(?-i)[\s]+([^#\s]*) 1 /etc/security/limits.conf ^[\s]*\*[\s]+(?:(?:hard)|(?:-))[\s]+maxlogins[\s]+(\d+)\s*$ 1 /etc/security/limits.d ^.*\.conf$ ^[\s]*\*[\s]+(?:(?:hard)|(?:-))[\s]+maxlogins[\s]+(\d+)\s*$ 1 /etc/security/limits.d ^.*\.conf$ ^[\s]*\*[\s]+(?:(?:hard)|(?:-))[\s]+maxlogins 1 /tmp/tmp-inst /etc/security/namespace.conf ^\s*/tmp\s+/tmp/tmp-inst/\s+level\s+root,adm$ 1 /var/tmp/tmp-inst /etc/security/namespace.conf ^\s*/var/tmp\s+/var/tmp/tmp-inst/\s+level\s+root,adm$ 1 /etc/bash.bashrc ^[\s]*TMOUT=([\w$]+)[\s]*readonly TMOUT[\s]*export TMOUT$ 1 /etc/profile ^[\s]*TMOUT=([\w$]+)[\s]*readonly TMOUT[\s]*export TMOUT$ 1 /etc/profile.d ^.*\.sh$ ^[\s]*TMOUT=([\w$]+)[\s]*readonly TMOUT[\s]*export TMOUT$ 1 object_etc_profile_tmout object_etc_profiled_tmout variable_count_of_tmout_instances /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_user_dot_group_ownership_home_dirs_users_ignored /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_user_dot_group_ownership_gids_users_ignored ^\..* object_accounts_user_dot_no_world_writable_programs_objects_others .* state_accounts_user_dot_no_world_writable_programs_users_uids state_accounts_user_dot_no_world_writable_programs_users_ignored state_accounts_user_dot_no_world_writable_programs_users_nologin_shell / ^.*$ state_world_writable_programs 1 /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_user_dot_user_ownership_home_dirs_users_ignored /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_user_dot_user_ownership_uids_users_ignored ^\..* object_accounts_user_interactive_home_directory_defined_objects_others .* state_accounts_user_interactive_home_directory_defined_users_uids state_accounts_user_interactive_home_directory_defined_users_ignored state_accounts_user_interactive_home_directory_defined_users_nologin_shell /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_user_interactive_home_directory_exists_objects_users_ignored var_accounts_user_interactive_home_directory_exists_dirs_count_fs var_accounts_user_interactive_home_directory_exists_dirs_count /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_users_home_files_groupownership_home_dirs_users_ignored /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_users_home_files_groupownership_gids_users_ignored .* /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_users_home_files_ownership_home_dirs_users_ignored /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_users_home_files_ownership_uids_users_ignored .* /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_users_home_files_permissions_home_dirs_users_ignored ^[^\.].* state_accounts_users_home_files_permissions_is_symlink object_accounts_users_netrc_file_permissions_objects_others .* state_accounts_users_netrc_file_permissions_users_uids state_accounts_users_netrc_file_permissions_users_ignored state_accounts_users_netrc_file_permissions_users_nologin_shell \.netrc /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_file_groupownership_home_directories_home_dirs_users_ignored /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_file_groupownership_home_directories_gids_users_ignored /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_file_ownership_home_directories_home_dirs_users_ignored /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_file_ownership_home_directories_uids_users_ignored var_file_ownership_home_directories_uids_count .bash_history object_file_permission_user_bash_history_objects_others .* state_file_permission_user_bash_history_users_uids state_file_permission_user_bash_history_users_ignored state_file_permission_user_bash_history_users_nologin_shell object_file_permission_user_init_files_objects_others .* state_file_permission_user_init_files_users_uids state_file_permission_user_init_files_users_ignored state_file_permission_user_init_files_users_nologin_shell object_file_permission_user_init_files_root_objects_root object_file_permission_user_init_files_root_objects_others root .* state_file_permission_user_init_files_root_users_uids state_file_permission_user_init_files_root_users_ignored state_file_permission_user_init_files_root_users_nologin_shell /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_file_permissions_home_directories_objects_users_ignored object_file_permissions_home_dirs_objects_others .* state_file_permissions_home_dirs_users_uids state_file_permissions_home_dirs_users_ignored state_file_permissions_home_dirs_users_nologin_shell PATH state_accounts_root_path_dirs_wrong_perms state_accounts_root_path_dirs_symlink PATH state_accounts_root_path_dirs_not_owned_by_root state_accounts_root_path_dirs_symlink PATH state_accounts_root_path_dirs_symlink var_accounts_root_path_existing_count PATH /etc/bash.bashrc ^[^#]*\bumask\s+(\d{3})\s*$ 1 var_etc_bashrc_umask_as_number /etc/csh.cshrc ^[\s]*(?i)UMASK(?-i)[\s]+([^#\s]*) 1 var_etc_csh_cshrc_umask_as_number /etc/login.defs ^[\s]*UMASK[\s]+([^#\s]*) 1 var_etc_login_defs_umask_as_number ^\/etc\/profile(?:\.d\/.*\.sh|\.d\/sh\.local)?$ ^[\s]*umask[\s]+([^#\s]*) 1 var_etc_profile_umask_as_number /etc/passwd 1 /etc/passwd ^([^:]*):[^:]*:\d{4,}:(?:[^:]*:){3}(?!(\/usr)?(\/sbin\/nologin|\/bin\/false))[^:]*$ 1 state_object_accounts_umask_interactive_users_objects_users_ignored ^\..* ^[\s]*umask\s* 1 state_accounts_umask_interactive_users_bash_history ^(/root/.bashrc|/root/.profile)$ ^[^#]*\bumask\s+[0-7]?[0-7]([0-1][0-7]|[0-7][0-6])\s*$ 1 /sys/kernel/security/apparmor/profiles ^(.*)$ 1 /sys/kernel/security/apparmor/profiles ^.*(\(enforce\))$ 1 /sys/kernel/security/apparmor/profiles ^.*(\(complain\))$ 1 all_apparmor_profiles_in_enforce_complain_mode_var_num_apparmor_profiles /boot/grub/grub.cfg ^\s*linux\b.*(?!/boot/memtest86\+\.bin).*\bapparmor=1\b.*$ 1 /boot/grub/grub.cfg ^\s*linux\b.*(?!/boot/memtest86\+\.bin).*\bsecurity=apparmor\b.*$ 1 ^CONFIG_RANDOM_TRUST_CPU=(y|Y)$ 1 /boot/grub/grubenv ^kernelopts=(.*)$ 1 .* /boot/grub/grub.cfg ^[\s]*set[\s]+superusers="(?i)\b(?!(?:root|admin|administrator)\b)(\w+)".*\n[\s]*export[\s]+superusers[\s]*$ 1 /boot/grub/grub.cfg ^[ \t]*set root=(.+?)[ \t]*(?:$|#) 1 /boot/grub/grub.cfg ^menuentry 1 var_grub2_menuentry_count ^/boot/grub/grub.cfg /boot/grub/grub.cfg ^[\s]*set[\s]+superusers=("?)[a-zA-Z_]+\1$ 1 /boot/grub/user.cfg ^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512.*$ 1 /boot/grub/grub.cfg ^[\s]*password_pbkdf2[\s]+.*[\s]+grub\.pbkdf2\.sha512.*$ 1 .* /boot/grub/grub.cfg ^[\s]*set[\s]+superusers="(?i)\b(?!(?:root|admin|administrator)\b)(\w+)".*\n[\s]*export[\s]+superusers[\s]*$ 1 /boot/grub/grub.cfg ^[\s]*set[\s]+superusers=("?)[a-zA-Z_]+\1$ 1 /boot/grub/grub.cfg ^[\s]*password_pbkdf2[\s]+.*[\s]+grub\.pbkdf2\.sha512.*$ 1 /boot/grub/grub.cfg ^[ \t]*set root=(.+?)[ \t]*(?:$|#) 1 /boot/grub/grub.cfg ^menuentry 1 var_uefi_menuentry_count ^/boot/grub/grub.cfg /etc/zipl.conf ^\s*image\s*=.*$ 1 /boot/bootmap /etc/zipl.conf ^/boot/loader/entries/.*\.conf$ ^/boot/loader/entries/.*\.conf ^options (.*)$ 1 ^/etc/kernel/cmdline ^(.*)$ 1 ^/boot/config-.*$ ^CONFIG_DEFAULT_MMAP_MIN_ADDR="?(.*?)"?$ 1 local_var_kernel_config_default_mmap_min_addr_count_kernels_installed /boot ^config-.*$ /proc/sys/kernel/osrelease ^.*\.(.*)$ 1 /proc/sys/kernel/osrelease ^.*\.(.*)$ 1 /etc/localtime ^(rsyslog|systemd-journald).service$ ActiveState ste_logging_services_active_logging_services var_logging_services_active_logging_service_active_count ^\/etc\/rsyslog(\.conf|\.d\/.*\.conf)$ ^\$FileCreateMode\s+(\d+) 1 var_filecreatemode_dec /etc/logwatch/conf/logwatch.conf ^[\s]HostLimit[\s]*=[\s]*no[\s]*$ 1 /etc/logwatch/conf/logwatch.conf ^[\s]SplitHosts[\s]*=[\s]*yes[\s]*$ 1 /etc/rsyslog.conf ^[\s]*cron\.\*[\s]+/var/log/cron\s*(?:#.*)?$ 1 /etc/rsyslog.conf (?ms)^\s*cron\.\*\s+action\(\s*.*(?i)\btype\b(?-i)="omfile"\s*.*(?i)\bfile\b(?-i)="/var/log/cron"\s*.*\)\s*$ 1 /etc/rsyslog.d ^.*$ ^[\s]*cron\.\*[\s]+/var/log/cron\s*(?:#.*)?$ 1 /etc/rsyslog.d ^.*$ (?ms)^\s*cron\.\*\s+action\(\s*.*(?i)\btype\b(?-i)="omfile"\s*.*(?i)\bfile\b(?-i)="/var/log/cron"\s*.*\)\s*$ 1 /etc/rsyslog.conf ^\$ActionSendStreamDriverAuthMode x509/name$ 1 /etc/rsyslog.conf (?ms)^\s*action\(.*(?i)\btype\b(?-i)="omfwd".*(?i)\bStreamDriverAuthMode\b(?-i)="x509/name".*\)\s*$ 1 /etc/rsyslog.d ^.*conf$ ^\$ActionSendStreamDriverAuthMode x509/name$ 1 /etc/rsyslog.d ^.*conf$ (?ms)^\s*action\(.*(?i)\btype\b(?-i)="omfwd".*(?i)\bStreamDriverAuthMode\b(?-i)="x509/name".*\)\s*$ 1 /etc/rsyslog.conf ^\$ActionSendStreamDriverMode 1$ 1 /etc/rsyslog.conf (?ms)^\s*action\(.*(?i)\btype\b(?-i)="omfwd".*(?i)\bStreamDriverMode\b(?-i)="1".*\)\s*$ 1 /etc/rsyslog.d ^.*conf$ ^\$ActionSendStreamDriverMode 1$ 1 /etc/rsyslog.d ^.*conf$ (?ms)^\s*action\(.*(?i)\btype\b(?-i)="omfwd".*(?i)\bStreamDriverMode\b(?-i)="1".*\)\s*$ 1 /etc/rsyslog.conf ^\$DefaultNetstreamDriver gtls$ 1 /etc/rsyslog.conf (?ms)^\s*global\(.*(?i)\bDefaultNetStreamDriver\b(?-i)="gtls".*\)\s*$ 1 /etc/rsyslog.d ^.*conf$ ^\$DefaultNetstreamDriver gtls$ 1 /etc/rsyslog.d ^.*conf$ (?ms)^\s*global\(.*(?i)\bDefaultNetStreamDriver\b(?-i)="gtls".*\)\s*$ 1 /etc/rsyslog.conf ^[^(\s|#|\$)]+[\s]+.*[\s]+(\:\w+\:\S*|-?(\/+[^:;\s]+);*\.*)$ 1 /etc/rsyslog.d ^.+\.conf$ ^[^(\s|#|\$)]+[\s]+.*[\s]+(\:\w+\:\S*|-?(\/+[^:;\s]+);*\.*)$ 1 ^/etc/rsyslog\.(conf|d/.+\.conf)$ ^[^#\n]*auth(,\w+)*\.\*[^\n]*$ 1 ^/etc/rsyslog\.(conf|d/.+\.conf)$ ^[^#\n]*authpriv(,\w+)*\.\*[^\n]*$ 1 ^/etc/rsyslog\.(conf|d/.+\.conf)$ ^[^#\n]*daemon(,\w+)*\.\*[^\n]*$ 1 ^/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)?$ ^\[Upload\](?:[^\n]*\n+)+?^\h*ServerKeyFile\h*=\h*(.*)\h*$ 1 ^/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)?$ ^\[Upload\](?:[^\n]*\n+)+?^\h*ServerCertificateFile\h*=\h*(.*)\h*$ 1 ^/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)?$ ^\[Upload\](?:[^\n]*\n+)+?^\h*TrustedCertificateFile\h*=\h*(.*)\h*$ 1 ^/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)?$ ^\[Upload\](?:[^\n]*\n+)+?^\h*URL\h*=\h*(.*)\h*$ 1 /etc/logrotate.conf ^\s*daily[\s#]*$ 1 /etc/logrotate.conf ^\s*(weekly|monthly|yearly)[\s#]*$ 1 /etc/cron.daily/logrotate ^[\s]*/usr/sbin/logrotate[\s\S]*/etc/logrotate.conf$ 1 ^\/etc\/rsyslog(\.conf|\.d\/.*\.conf)$ ^[\s]*\$((?:Input(?:TCP|RELP)|UDP)ServerRun|ModLoad[\s]+(imtcp|imudp|imrelp)) 1 ^\/etc\/rsyslog(\.conf|\.d\/.*\.conf)$ ^\s*(?:module|input)\((?:load|type)="(imtcp|imudp)".*$ 1 /etc/rsyslog.conf ^\*\.\*[\s]+(?:@|\:omrelp\:) 1 /etc/rsyslog.d ^.+\.conf$ ^\*\.\*[\s]+(?:@|\:omrelp\:) 1 /etc/rsyslog.conf (?ms)^\s*\*\.\*\s+action\(\s*.*(?i)\btype\b(?-i)="omfwd"\s*.*(?i)\btarget\b(?-i)="\S+"\s*.*\)\s*$ 1 /etc/rsyslog.d ^.+\.conf$ (?ms)^\s*\*\.\*\s+action\(\s*.*(?i)\btype\b(?-i)="omfwd"\s*.*(?i)\btarget\b(?-i)="\S+"\s*.*\)\s*$ 1 ^/etc/rsyslog\.(conf|d/.+\.conf)$ ^\s*action\((?i)type(?-i)="omfwd"(.+?)\) 0 ^/etc/rsyslog\.(conf|d/.+\.conf)$ ^\s*global\(DefaultNetstreamDriverCAFile="(.+?)"\)\s*\n 0 ^(ufw|iptables|nftables).service$ ActiveState ste_firewall_single_service_active_firewall_services var_firewall_single_service_active_firewall_active_count /etc/resolv.conf ^[\s]*nameserver[\s]+([0-9\.]+)$ 1 /etc/sysconfig/network-scripts ifcfg-.* ^[\s]*DHCP_HOSTNAME[\s]*=.*$ 1 ^/etc/dhclient.*\.conf$ ^[\s]*send[\s]+host-name.*$ 1 /etc/dhcp ^.*$ ^[\s]*send[\s]+host-name.*$ 1 /etc/sysconfig/network ^[\s]*NOZEROCONF[\s]*=[\s]*yes 1 /etc/hosts.allow ^[^#]+ 1 /etc/hosts.deny ^[^#]+ 1 /etc/firewalld/firewalld.conf ^[\s]*DefaultZone=(\w+)$ 1 ^/(etc|usr/lib)/firewalld/zones/ ^[\s]+<source (address|mac|ipset)="[\w:]+"[\s]*/>$ 1 ^/(etc|usr/lib)/firewalld/zones/ ^[\s]+<service name="\w+"[\s]*/>$ 1 /etc/firewalld/zones/public.xml .* 1 ^/etc/polkit-1/localauthority/20-org.d/.*$ ^\[.*\]\n\s*Identity=default\n\s*Action=org\.freedesktop\.NetworkManager\.\*\n\s*ResultAny=no\n\s*ResultInactive=no\n\s*(ResultActive=auth_admin)\n*\s*$ 1 ^.*$ state_promisc /etc/firewalld/direct.xml /direct/rule[@chain="INPUT_direct" and @priority="0" and @table="filter" and @ipv="ipv4"]/text() /etc/firewalld/zones/ ^.+\.xml$ ^[\s]*<interface\s*name=.*$ 1 /etc/firewalld/zones/ ^.+\.xml$ ^[\s]*<service name="(\S*)".*$ 1 state_firewalld_zones_with_interfaces tcp ^.*$ 0 state_ipv4_loopback_listening_inet_ports state_ipv6_loopback_listening_inet_ports state_inet_foreign_port_connected var_obj_listening_inet_tcp_ports /usr/lib/firewalld/services/ \s*(?:(?:protocol="tcp")|)\s*port="(\d+)"\s*(?:(?:protocol="tcp")|)\s* 1 var_firewalled_service_tcp_ports /etc/firewalld/zones/ ^.+\.xml$ ^[\s]*<port\s*(?:(?:protocol="tcp")|)\s*port="(\d+)"\s*(?:(?:protocol="tcp")|)\s*.*$ 1 state_firewalld_zones_with_interfaces var_firewalled_direct_tcp_ports object_var_firewalled_service_tcp_ports object_var_firewalled_direct_tcp_ports udp ^.*$ 0 state_ipv4_loopback_listening_inet_ports state_ipv6_loopback_listening_inet_ports state_inet_foreign_port_connected var_obj_listening_inet_udp_ports /usr/lib/firewalld/services/ \s*(?:(?:protocol="udp")|)\s*port="(\d+)"\s*(?:(?:protocol="udp")|)\s* 1 var_firewalled_service_udp_ports /etc/firewalld/zones/ ^.+\.xml$ ^[\s]*<port\s*(?:(?:protocol="udp")|)\s*port="(\d+)"\s*(?:(?:protocol="udp")|)\s*.*$ 1 state_firewalld_zones_with_interfaces var_firewalled_direct_udp_ports object_var_firewalled_service_udp_ports object_var_firewalled_direct_udp_ports /usr/lib/firewalld/zones/trusted.xml /zone/rule/source[@address='127.0.0.1' or @address='::1'] /usr/lib/firewalld/zones/trusted.xml /zone/rule/destination[@address='127.0.0.1' or @address='::1' and @invert='True'] /usr/lib/firewalld/zones/trusted.xml /zone/rule/drop /etc/firewalld/zones/trusted.xml /zone/rule/source[@address='127.0.0.1' or @address='::1'] /etc/firewalld/zones/trusted.xml /zone/rule/destination[@address='127.0.0.1' or @address='::1' and @invert='True'] /etc/firewalld/zones/trusted.xml /zone/rule/drop /usr/lib/firewalld/zones/trusted.xml /zone/interface[@name='lo'] /etc/firewalld/zones/trusted.xml /zone/interface[@name='lo'] /etc/firewalld/zones/trusted.xml /etc/sysconfig/network-scripts ifcfg-.* ^IPV6_DEFAULTGW=.+$ 1 /etc/sysconfig/network-scripts ifcfg-.* ^IPV6_PRIVACY=rfc3041$ 1 /etc/sysconfig/network-scripts ifcfg-.* ^IPV6ADDR=.+$ 1 /etc/modprobe.d ^.*\.conf$ ^\s*options\s+ipv6\s+.*disable=1.*$ 1 /etc/netconfig ^udp6\s+tpi_clts\s+v\s+inet6\s+udp\s+-\s+-$ 1 /etc/netconfig ^tcp6\s+tpi_cots_ord\s+v\s+inet6\s+tcp\s+-\s+-$ 1 ^[\s]*include[\s]+\"([^\s]+)"$ 1 ^.*$ 1 /etc/sysconfig/SuSEfirewall2 ^\s*(?:export\s+)?FW_SERVICES_ACCEPT_EXT=(?:"([^"]+)"|'([^']+)')\s*$ 1 /proc/net/wireless ^\s*\S+:\s 1 / state_uid_is_not_root_and_world_writable .* state_dir_perms_world_writable_sticky_bits_dev_partitons state_dir_perms_world_writable_sticky_bits .* state_dir_perms_world_writable_system_owned_dev_partitons state_dir_perms_world_writable_system_owned / state_gid_is_user_and_world_writable ^\/s?bin|^\/usr\/s?bin|^\/usr\/local\/s?bin state_system_commands_dirs_group_owner_not_root /bin state_system_commands_directory_bin_owner_not_root /sbin state_system_commands_directory_sbin_owner_not_root /usr/bin state_system_commands_directory_usr_bin_owner_not_root /usr/sbin state_system_commands_directory_usr_sbin_owner_not_root /usr/local/bin state_system_commands_directory_usr_local_bin_owner_not_root /usr/local/sbin state_system_commands_directory_usr_local_sbin_owner_not_root .* state_file_permissions_unauthorized_sgid_dev_partitons ^.*$ state_file_permissions_unauthorized_sgid_set state_file_permissions_unauthorized_sgid_sysroot .* .* .* .* .* var_file_permissions_unauthorized_sgid_all_sgid_files state_file_permissions_unauthorized_sgid_rpm_filepaths .* state_file_permissions_unauthorized_suid_dev_partitons ^.*$ state_file_permissions_unauthorized_suid_set state_file_permissions_unauthorized_suid_sysroot .* .* .* .* .* var_file_permissions_unauthorized_suid_all_suid_files state_file_permissions_unauthorized_suid_rpm_filepaths .* state_file_permissions_unauthorized_world_writable_dev_partitons ^.*$ state_file_permissions_unauthorized_world_write state_file_permissions_unauthorized_world_write_special_selinux_files state_file_permissions_unauthorized_world_write_sysroot /etc/group ^[^:]+:[^:]*:([\d]+):[^:]*$ 1 /usr/lib/group ^[^:]+:[^:]*:([\d]+):[^:]*$ 1 object_etc_group object_usr_lib_group .* state_file_permissions_ungroupowned_dev_partitons .* state_file_permissions_ungroupowned_local_group_owner state_file_permissions_ungroupowned_sysroot .* state_file_permissions_ungroupowned_local_group_owner_with_usrlib state_file_permissions_ungroupowned_sysroot /etc/nsswitch.conf ^\s*group:\s+(.*)$ 1 nss-altfiles .* state_no_files_or_dirs_ungroupowned_dev_partitons object_no_files_or_dirs_ungroupowned_files object_no_files_or_dirs_ungroupowned_directories .* state_no_files_or_dirs_ungroupowned_local_group_owner state_no_files_or_dirs_ungroupowned_sysroot state_no_files_or_dirs_ungroupowned_local_group_owner state_no_files_or_dirs_ungroupowned_sysroot object_no_files_or_dirs_ungroupowned_files_with_usrlib object_no_files_or_dirs_ungroupowned_directories_with_usrlib .* state_no_files_or_dirs_ungroupowned_local_group_owner_with_usrlib state_no_files_or_dirs_ungroupowned_sysroot state_no_files_or_dirs_ungroupowned_local_group_owner_with_usrlib state_no_files_or_dirs_ungroupowned_sysroot /etc/nsswitch.conf ^\s*group:\s+(.*)$ 1 nss-altfiles /etc/security/opasswd /etc/group ^adm:\w+:(\w+):.* 1 /var/log .* file_groupownerships_var_log_exclude_symlinks file_groupownerships_var_log_exclude_files_apt file_groupownerships_var_log_exclude_files_auth_log file_groupownerships_var_log_exclude_files_bwtmp file_groupownerships_var_log_exclude_files_cloudinit file_groupownerships_var_log_exclude_files_gdm file_groupownerships_var_log_exclude_files_journal file_groupownerships_var_log_exclude_files_landscape file_groupownerships_var_log_exclude_files_lastlog file_groupownerships_var_log_exclude_files_localmessages file_groupownerships_var_log_exclude_files_messages file_groupownerships_var_log_exclude_files_secure file_groupownerships_var_log_exclude_files_sssd file_groupownerships_var_log_exclude_files_syslog file_groupownerships_var_log_exclude_files_waagent /etc/group 1 /etc/passwd 1 /etc/passwd ^[^:]+:[^:]*:(\d\d?\d?):.*$ 1 /etc/passwd ^syslog:[^:]+:([0-9]+): 1 /var/log .* file_ownerships_var_log_exclude_symlinks file_ownerships_var_log_exclude_files_apt file_ownerships_var_log_exclude_files_auth_log file_ownerships_var_log_exclude_files_bwtmp file_ownerships_var_log_exclude_files_cloudinit file_ownerships_var_log_exclude_files_gdm file_ownerships_var_log_exclude_files_journal file_ownerships_var_log_exclude_files_landscape file_ownerships_var_log_exclude_files_lastlog file_ownerships_var_log_exclude_files_localmessages file_ownerships_var_log_exclude_files_messages file_ownerships_var_log_exclude_files_secure file_ownerships_var_log_exclude_files_sssd file_ownerships_var_log_exclude_files_syslog file_ownerships_var_log_exclude_files_waagent ^\/s?bin|^\/usr\/s?bin|^\/usr\/local\/s?bin ^.*$ state_groupowner_system_commands_dirs_not_system_group_not_sgid state_groupowner_system_commands_dirs_symlink ^\/(|s)bin|^\/usr\/(|local\/)(|s)bin state_owner_binaries_not_root ^\/(|s)bin|^\/usr\/(|local\/)(|s)bin ^.*$ state_owner_binaries_not_system_accounts ^\/(|s)bin|^\/usr\/(|local\/)(|s)bin|^\/usr\/libexec ^.*$ state_perms_binary_files_nogroupwrite_noworldwrite state_perms_binary_files_symlink ^\/(s|)bin|^\/usr\/(s|)bin|^\/usr\/local\/(s|)bin ^.*$ state_perms_system_commands_files_nogroupwrite_noworldwrite state_perms_system_commands_files_symlink ^/(|usr/)lib(|64)$ ^.*$ state_groupowner_binaries_not_system_accounts state_groupowner_root_path_dirs_symlink /etc/tmpfiles.d/ ^.*\.conf$ ^C[[:blank:]]+\/root\/.bash_logout[[:blank:]]+(\d{3})[[:blank:]]+root[[:blank:]]+root[[:blank:]]+-[[:blank:]]+\/usr\/share\/rootfiles/.bash_logout$ 1 /etc/tmpfiles.d/ ^.*\.conf$ ^C[[:blank:]]+\/root\/.bash_profile[[:blank:]]+(\d{3})[[:blank:]]+root[[:blank:]]+root[[:blank:]]+-[[:blank:]]+\/usr\/share\/rootfiles/.bash_profile$ 1 /etc/tmpfiles.d/ ^.*\.conf$ ^C[[:blank:]]+\/root\/.bashrc[[:blank:]]+(\d{3})[[:blank:]]+root[[:blank:]]+root[[:blank:]]+-[[:blank:]]+\/usr\/share\/rootfiles/.bashrc$ 1 /etc/tmpfiles.d/ ^.*\.conf$ ^C[[:blank:]]+\/root\/.cshrc[[:blank:]]+(\d{3})[[:blank:]]+root[[:blank:]]+root[[:blank:]]+-[[:blank:]]+\/usr\/share\/rootfiles/.cshrc$ 1 /etc/tmpfiles.d/ ^.*\.conf$ ^C[[:blank:]]+\/root\/.tcshrc[[:blank:]]+(\d{3})[[:blank:]]+root[[:blank:]]+root[[:blank:]]+-[[:blank:]]+\/usr\/share\/rootfiles/.tcshrc$ 1 ^/(?!boot|efi)\w.*$ state_local_nodev /etc/fstab ^\s*(?!#)(?:/dev/\S+|UUID=\S+)\s+/\w\S*\s+\S+\s+(\S+) 1 /etc/fstab ^[\s]*/tmp[\s]+/var/tmp[\s]+.*bind.*$ 1 ^/var/tmp$ /etc/mtab ^[\s]*/tmp[\s]+/var/tmp[\s]+.*bind.*$ 1 ^/tmp$ kernel.core_pattern local_var_sysctl_kernel_core_pattern_empty_string_counter object_sysctl_kernel_core_pattern_empty_string_static_set_sysctls_unfiltered state_sysctl_kernel_core_pattern_empty_string_filepath_is_symlink var_obj_symlink_sysctl_kernel_core_pattern_empty_string var_obj_blank_sysctl_kernel_core_pattern_empty_string local_var_blank_path_sysctl_kernel_core_pattern_empty_string local_var_symlinks_sysctl_kernel_core_pattern_empty_string state_symlink_points_outside_usual_dirs_sysctl_kernel_core_pattern_empty_string object_static_etc_sysctls_sysctl_kernel_core_pattern_empty_string object_static_run_usr_sysctls_sysctl_kernel_core_pattern_empty_string object_static_sysctl_sysctl_kernel_core_pattern_empty_string object_static_etc_sysctld_sysctl_kernel_core_pattern_empty_string object_static_run_sysctld_sysctl_kernel_core_pattern_empty_string /etc/sysctl.conf ^[[:blank:]]*kernel.core_pattern[[:blank:]]*=[[:blank:]]*(.*)$ 1 /etc/sysctl.d ^.*\.conf$ ^[[:blank:]]*kernel.core_pattern[[:blank:]]*=[[:blank:]]*(.*)$ 1 /run/sysctl.d ^.*\.conf$ ^[[:blank:]]*kernel.core_pattern[[:blank:]]*=[[:blank:]]*(.*)$ 1 /etc/security/limits.conf ^[\s]*\*[\s]+(?:hard|-)[\s]+core[\s]+([\S]+) 1 /etc/security/limits.d ^.*\.conf$ ^[\s]*\*[\s]+(?:hard|-)[\s]+core[\s]+([\S]+) 1 /etc/security/limits.d ^.*\.conf$ ^[\s]*\*[\s]+(?:hard|-)[\s]+core 1 /etc/init.d/functions ^[\s]*(?i)UMASK(?-i)[\s]+([^#\s]*) 1 var_etc_init_d_functions_umask_as_number /etc/sysctl.conf ^[\s]*kernel.exec-shield[\s]*=[\s]*1[\s]*$ 1 kernel.exec-shield /boot/grub/grub.cfg [\s]*noexec[\s]*=[\s]*off 1 /proc/cpuinfo ^flags[\s]+:.*[\s]+nx[\s]+.*$ 1 /proc/cmdline .+noexec[0-9]*=off.+ 1 kernel-PAE /proc/cpuinfo ^flags[\s]+:.*[\s]+pae[\s]+.*[\s]+nx[\s]+.*$ 1 /etc/sysconfig/kernel ^\s*DEFAULTKERNEL[\s]*=[\s]*kernel-PAE$ 1 /etc/default/grub ^[\s]*GRUB_CMDLINE_LINUX.*(selinux|enforcing)=0.*$ 1 /etc/grub2.cfg ^.*(selinux|enforcing)=0.*$ 1 /etc/grub.d ^.*$ ^.*(selinux|enforcing)=0.*$ 1 /dev ^.*$ state_block_or_char_device_file state_selinux_dev_device_t state_selinux_dev_unlabeled_t /proc ^.*$ state_selinux_confinement_of_daemons ^/etc/sudoers(\.d/.*)?$ ^\s*%\w+.*TYPE=(\w+).*$ 1 ^/etc/sudoers(\.d/.*)?$ ^\s*%\w+.*ROLE=(\w+).*$ 1 /etc/selinux/config ^SELINUX=(.*)$ 1 /etc/selinux/config ^SELINUX=(.*)$ 1 kernel /proc/cpuinfo ^flags\s+:\s+(.*)$ 1 /proc/sys/kernel/osrelease ^.*\.(.*)$ 1 ^(?!\/boot(?:\/efi)?$).* state_encrypted_partitions state_non_temporary_partitions state_non_pseudo_file_systems /etc/crypttab ^\s*(\S+) 1 /etc/dconf/db/gdm ^/etc/dconf/db/gdm.d/.* var_dconf_gdm_db_modified_time /etc/dconf/db/local ^/etc/dconf/db/local.d/.* var_dconf_local_db_modified_time /etc/dconf/profile/gdm (?ms)^\s*user-db:user\s*.*\n\s*system-db:gdm\s*$ 1 /etc/dconf/profile/user (?ms)^\s*user-db:user\s*.*\n\s*system-db:local\s*$ 1 /etc/gdm/custom.conf ^\s*\[daemon\].*(?:\n\s*[^[\s].*)*\n^\s*WaylandEnable[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 ^/etc/gdm/custom.conf /etc/dconf/db/gdm.d/ ^.*$ ^\[org/gnome/login-screen\]([^\n]*\n+)+?disable-restart-buttons=true$ 1 /etc/dconf/db/gdm.d/locks/ ^.*$ ^/org/gnome/login-screen/disable-restart-buttons$ 1 /etc/dconf/db/gdm.d/ ^.*$ ^\[org/gnome/login-screen\]([^\n]*\n+)+?disable-user-list=true$ 1 /etc/dconf/db/gdm.d/locks/ ^.*$ ^/org/gnome/login-screen/disable-user-list$ 1 /etc/dconf/db/gdm.d/ ^.*$ ^\[org/gnome/login-screen\]([^\n]*\n+)+?enable-smartcard-authentication=true$ 1 /etc/dconf/db/gdm.d/locks/ ^.*$ ^/org/gnome/login-screen/enable-smartcard-authentication$ 1 /etc/dconf/db/gdm.d/ ^.*$ ^\[org/gnome/login-screen\]([^\n]*\n+)+?allowed-failures=3$ 1 /etc/dconf/db/gdm.d/locks/ ^.*$ ^/org/gnome/login-screen/allowed-failures$ 1 /etc/gdm/custom.conf ^\[daemon]([^\n]*\n+)+?AutomaticLoginEnable=[Ff]alse$ 1 /etc/gdm/custom.conf ^\[daemon]([^\n]*\n+)+?TimedLoginEnable=[Ff]alse$ 1 /etc/sysconfig/displaymanager ^DISPLAYMANAGER_AUTOLOGIN=""$ 1 /etc/sysconfig/displaymanager ^DISPLAYMANAGER_PASSWORD_LESS_LOGIN="no"$ 1 /etc/gdm3/custom.conf ^\s*\[xdmcp\].*(?:\n\s*[^[\s].*)*\n^\s*Enable[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 ^/etc/gdm3/custom.conf /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/desktop/media-handling\]([^\n]*\n+)+?automount=false$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/media-handling/automount$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/desktop/media-handling\]([^\n]*\n+)+?automount-open=false$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/media-handling/automount-open$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/desktop/media-handling\]([^\n]*\n+)+?autorun-never=true$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/media-handling/autorun-never$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/desktop/thumbnailers\]([^\n]*\n+)+?disable-all=true$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/thumbnailers/disable-all$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/nm-applet\]([^\n]*\n+)+?disable-wifi-create=true$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/nm-applet/disable-wifi-create$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/nm-applet\]([^\n]*\n+)+?suppress-wireless-networks-available=true$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/nm-applet/suppress-wireless-networks-available$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/Vino\]([^\n]*\n+)+?authentication-methods=\['vnc'\]$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/Vino/authentication-methods$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/Vino\]([^\n]*\n+)+?require-encryption=true$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/Vino/require-encryption$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/desktop/screensaver\]([^\n]*\n+)+?idle-activation-enabled=true$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/screensaver/idle-activation-enabled$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/screensaver/idle-activation-enabled$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/desktop/session\]([^\n]*\n+)+?idle-delay=uint32[\s][0-9]*$ 1 /etc/dconf/db/local.d/ ^.*$ ^idle-delay[\s=]*uint32[\s]([^=\s]*) 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/session/idle-delay$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/desktop/screensaver\]([^\n]*\n+)+?lock-delay=uint32[\s][0-9]*$ 1 /etc/dconf/db/local.d/ ^.*$ ^lock-delay[\s=]*uint32[\s]([^=\s]*) 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/screensaver/lock-delay$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/desktop/screensaver\]([^\n]*\n+)+?lock-enabled=true$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/screensaver/lock-enabled$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/screensaver/lock-enabled$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/desktop/screensaver\]([^\n]*\n+)+?picture-uri=string \'\'$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/screensaver/picture-uri$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/desktop/screensaver\]([^\n]*\n+)+?show-full-name-in-top-bar=false$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/screensaver/show-full-name-in-top-bar$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/screensaver/lock-delay$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/desktop/session/idle-delay$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/settings-daemon/plugins/media-keys\]([^\n]*\n+)+?logout[\s]*=[\s]*\[''\]$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/settings-daemon/plugins/media-keys/logout$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/system/location\]([^\n]*\n+)+?enabled=false$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/system/location/enabled$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/clocks\]([^\n]*\n+)+?geolocation=false$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/clocks/geolocation$ 1 /etc/dconf/db/local.d/ ^.*$ ^\[org/gnome/settings-daemon/plugins/power\]([^\n]*\n+)+?active=false$ 1 /etc/dconf/db/local.d/locks/ ^.*$ ^/org/gnome/settings-daemon/plugins/power/active$ 1 /etc/sysconfig/prelink ^[\s]*PRELINKING=no[\s]* 1 /etc/named.conf ^\s*include\s+"/etc/crypto-policies/back-ends/bind.config"\s*;\s*$ 1 /etc/crypto-policies/state/current /etc/crypto-policies/config variable_crypto_policies_config_file_timestamp /etc/crypto-policies/config ^(?!#)(\S+)$ 1 /etc/crypto-policies/state/current ^(?!#)(\S+)$ 1 /etc/crypto-policies/back-ends/nss.config /etc/crypto-policies/back-ends/gnutls.config \+VERS-ALL:-VERS-DTLS0\.9:-VERS-TLS1\.1:-VERS-TLS1\.0:-VERS-SSL3\.0:-VERS-DTLS1\.0 1 var_symlink_kerberos_crypto_policy_configuration /etc/krb5.conf.d/crypto-policies /etc/crypto-policies/back-ends/krb5.config /etc/ipsec.conf ^\s*include\s+/etc/crypto-policies/back-ends/libreswan.config\s*(?:#.*)?$ 1 /etc/pki/tls/openssl.cnf ^\s*\[\s*crypto_policy\s*\]\s*\n*\s*\.include\s*(?:=\s*)?/etc/crypto-policies/back-ends/opensslcnf.config\s*$ 1 /etc/crypto-policies/back-ends/opensslcnf.config ^\s*(?:TLS\.)?(?i)MinProtocol\s*=\s*TLSv(\S*) 1 /etc/crypto-policies/back-ends/opensslcnf.config ^\s*(?:DTLS\.)?(?i)MinProtocol\s*=\s*DTLSv(\S*) 1 crypto-policies /etc/sysconfig/sshd ^\s*(?i)CRYPTO_POLICY\s*=.*$ 1 /etc/crypto-policies/back-ends/opensslcnf.config ^(?:.*\n)*\s*Ciphersuites\s*=\s*(.+?)[ \t]*(?:$|#) 1 /etc/ssh/ssh_config.d/02-ospp.conf ^[ \t]*Match[\s]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/ssh_config.d/02-ospp.conf ^Match final all(?:.* )*?\s*RekeyLimit[\s]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/ssh_config.d/02-ospp.conf ^Match final all(?:.* )*?\s*GSSAPIAuthentication[\s]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/ssh_config.d/02-ospp.conf ^Match final all(?:.* )*?\s*Ciphers[\s]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/ssh_config.d/02-ospp.conf ^Match final all(?:.* )*?\s*PubkeyAcceptedKeyTypes[\s]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/ssh_config.d/02-ospp.conf ^Match final all(?:.* )*?\s*MACs[\s]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/ssh_config.d/02-ospp.conf ^Match final all(?:.* )*?\s*KexAlgorithms[\s]+(.+?)[ \t]*(?:$|#) 1 /etc/crypto-policies/back-ends/openssh.config ^Ciphers.*$ 1 /etc/crypto-policies/back-ends/opensshserver.config ^(?!#).*Ciphers\s+([^\s']+).*$ -1 /etc/crypto-policies/back-ends/opensshserver.config ^(?:.*\n)*\s*CRYPTO_POLICY=(.+?)[ \t]*(?:$|#) 1 /etc/crypto-policies/back-ends/openssh.config ^MACs.*$ 1 /etc/crypto-policies/back-ends/opensshserver.config ^(?!#).*MACs\s+([^\s']+).*$ -1 /etc/profile.d/openssl-rand.sh SHA-256 /etc/selinux/config ^[\s]*SELINUX[\s]*=[\s]*enforcing[\s]*$ 1 McAfeeVSEForLinux MFErt MFEcma /opt/NAI/LinuxShield/engine/dat ^.*\.dat$ variable_mcafee_dat_files_mtime ^mfetpd.*$ 0 /opt/McAfee/accm/bin accm /opt/McAfee/auditengine/bin auditmanager /etc/dracut.conf.d/40-fips.conf ^\s*add_dracutmodules\+="\s*(\w*)\s*"\s*(?:#.*)?$ 1 /usr/lib/bootc/kargs.d/ ^.*\.toml$ ^kargs[\s]*=[\s]*\[([^\]]+)\]$ 1 ^/boot/loader/entries/.*.conf ^options (.*)$ 1 var_system_crypto_policy /proc/sys/crypto/fips_enabled ^1$ 1 /etc/system-fips /etc/crypto-policies/back-ends/bind.config /etc/crypto-policies/back-ends/gnutls.config /etc/crypto-policies/back-ends/java.config /etc/crypto-policies/back-ends/javasystem.config /etc/crypto-policies/back-ends/krb5.config /etc/crypto-policies/back-ends/libreswan.config /etc/crypto-policies/back-ends/libssh.config /etc/crypto-policies/back-ends/openssh.config /etc/crypto-policies/back-ends/opensshserver.config /etc/crypto-policies/back-ends/opensslcnf.config /etc/crypto-policies/back-ends/openssl.config /etc/crypto-policies/back-ends/openssl_fips.config /etc/crypto-policies/config ^FIPS$|^FIPS:(OSPP|NO-SHA1|NO-CAMELLIA|ECDHE-ONLY|STIG)$ 1 /etc/crypto-policies/policies/modules/ STIG.pmod ^cipher@SSH=AES-256-GCM AES-256-CTR AES-128-GCM AES-128-CTR$ 1 /etc/crypto-policies/policies/modules/ STIG.pmod ^mac@SSH=HMAC-SHA2-512 HMAC-SHA2-256$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /proc/sys/crypto/fips_enabled ^.*$ 1 /proc/cpuinfo ^[\s]*flags[\s]*:[\s]*.*aes.*$ 1 dracut-fips-aesni dracut-fips crypto.fips_enabled /proc/sys/crypto/fips_enabled ^.*$ 1 /etc/aide/aide.conf ^@@define[\s]DBDIR[\s]+(/.*)$ 1 /etc/aide/aide.conf ^database=file:(?:@@{DBDIR}/)?([a-z./]+)$ 1 /etc/aide/aide.conf ^database_out=file:@@{DBDIR}/([a-z.]+)$ 1 /etc/aide/aide.conf ^database_out=file:([a-z./]+)$ 1 /etc/aide/aide.conf ^(?:/usr)?/sbin/auditctl\s+([^\n]+)$ 1 /etc/aide/aide.conf ^(?:/usr)?/sbin/auditd\s+([^\n]+)$ 1 /etc/aide/aide.conf ^(?:/usr)?/sbin/ausearch\s+([^\n]+)$ 1 /etc/aide/aide.conf ^(?:/usr)?/sbin/aureport\s+([^\n]+)$ 1 /etc/aide/aide.conf ^(?:/usr)?/sbin/autrace\s+([^\n]+)$ 1 /etc/aide/aide.conf ^(?:/usr)?/sbin/audispd\s+([^\n]+)$ 1 /etc/aide/aide.conf ^(?:/usr)?/sbin/rsyslogd\s+([^\n]+)$ 1 /etc/aide/aide.conf ^(?:/usr)?/sbin/augenrules\s+([^\n]+)$ 1 dailyaidecheck.service UnitFileState dailyaidecheck.timer UnitFileState dailyaidecheck.timer ActiveState /var/spool/cron/crontabs/root aide(\.wrapper)? 1 /etc/cron\.(daily|hourly|weekly) ^.*$ ^(?:\/usr\/bin\/)?aide(\.wrapper)? 1 /etc/crontab [^\s]+\s+[^\s]+\s+\*(?:\/[1-7])*\s+\*\s+[^\s]+\s+(?:\/usr\/bin\/)?aide(\.wrapper)?\s+[^\s]+\s+(?=-C|--check).* 1 /etc/crontab ^SCRIPT="\/usr\/share\/aide\/bin\/dailyaidecheck"$ 1 /etc/cron\.(daily|hourly|weekly) ^.*$ ^SCRIPT="\/usr\/share\/aide\/bin\/dailyaidecheck"$ 1 aidecheck.service UnitFileState aidecheck.timer UnitFileState aidecheck.timer ActiveState /etc/crontab ^.*/usr/bin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$ 1 /var/spool/cron/root ^.*/usr/bin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$ 1 ^/etc/cron.(d|daily|weekly|monthly)$ ^.*$ ^.*/usr/bin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$ 1 /etc/aide.conf ^[A-Z][a-zA-Z_]*[\s]*=[\s]*.*(sha1|rmd160|sha256|whirlpool|tiger|haval|gost|crc32).*$ 0 /etc/aide.conf ^[A-Z][A-Za-z_]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$ 1 /etc/aide/aide.conf ^(?!ALLXTRAHASHES)[A-Z][a-zA-Z_]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$ 1 /etc/aide/aide.conf ^(?!ALLXTRAHASHES)[A-Z][a-zA-Z_]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$ 1 crypto-policies .* .* .* .* .* state_rpm_verify_crypto_policies .* .* .* .* .* ^/(bin|sbin|lib|lib64|usr)/.+$ state_rpm_verify_hashes_fail_md5_hash .* .* .* .* .* .* state_rpm_verify_ownership_files_fail_ownership .* .* .* .* .* .* state_rpm_verify_permissions_files_fail_mode /etc/passwd ^([a-zA-Z0-9_.-]+?): 1 filter_default_os_user filter_sidadm_sapadm_orasid_oracle_users /etc/passwd ^([a-z][a-z0-9][a-z0-9])adm: 1 filter_sapadm_user ^/sapmnt/[A-Z][A-Z0-9][A-Z0-9]$ /etc/passwd ^(sapadm): 1 /usr/sap/hostctrl /etc/passwd ^ora([a-z][a-z0-9][a-z0-9]): 1 filter_oracle_user ^/sapmnt/[A-Z][A-Z0-9][A-Z0-9]/exe/(|(|n)uc/[A-Za-z0-9_]+/)brspace$ /etc/passwd ^oracle:x:([\d]+) 1 ^/oracle/[A-Z][A-Z0-9][A-Z0-9]$ ^/sapmnt/[A-Z][A-Z0-9][A-Z0-9]/exe/(|(|n)uc/[A-Za-z0-9_]+/)brspace$ /usr/bin/sudo /etc/group 1 /etc/sudoers ^(?!#).*[\s]+\!authenticate.*$ 1 /etc/sudoers.d ^.*$ ^(?!#).*[\s]+\!authenticate.*$ 1 /etc/sudoers ^(?!#).*[\s]+NOPASSWD[\s]*\:.*$ 1 /etc/sudoers.d ^.*$ ^(?!#).*[\s]+NOPASSWD[\s]*\:.*$ 1 ^\/etc\/(sudoers|sudoers\.d\/.*)$ ^[\s]*Defaults[\s]+timestamp_timeout[\s]*=\s*[+]?(\d*\.\d+|\d+\.\d*|\d+)$ 1 ^\/etc\/(sudoers|sudoers\.d\/.*)$ ^[\s]*Defaults[\s]+timestamp_timeout[\s]*=\s*[\-](\d*\.\d+|\d+\.\d*|\d+)$ 1 ^/etc/sudoers(\.d/.*)?$ ^\s*ALL\s+ALL\=\(ALL\)\s+ALL\s*$ 1 ^/etc/sudoers(\.d/.*)?$ ^\s*ALL\s+ALL\=\(ALL\:ALL\)\s+ALL\s* 1 /etc/sudoers ^(?!(#|vdsm.*)).*[\s]+NOPASSWD[\s]*\:.*$ 1 /etc/sudoers.d ^.*$ ^(?!(#|vdsm.*)).*[\s]+NOPASSWD[\s]*\:.*$ 1 /etc/sudoers ^#includedir[\s]+(.*)$ 1 /etc/sudoers ^[#@]include[\s]+.*$ 1 /etc/sudoers ^@includedir[\s]+.*$ 1 /etc/sudoers ^[#@]includedir[\s]+.*$ 1 /etc/sudoers.d/ .* ^[#@]include(?:dir)?[\s]+.*$ 1 ^/etc/sudoers(\.d/.*)?$ ^(?!\s*Defaults)(?:\s*[^#=]+)=(?:\s*(?:\([^\)]+\))?\s*(?!\s*\()[^,\s]+(?:[ \t]+[^,\s]+)+[ \t]*,)*(\s*(?:\([^\)]+\))?\s*(?!\s*\()[^,\s]+[ \t]*(?:,|$)) 1 ^/etc/sudoers(\.d/.*)?$ ^(?:\s*[^#=]+)=(?:\s*(?:\([^\)]+\))?\s*(?!\s*\()[^,!\n][^,\n]+,)*\s*(?:\([^\)]+\))?\s*(?!\s*\()(!\S+).* 1 ^/etc/sudoers(\.d/.*)?$ ^\s*((?!root\b)[\w]+)\s*(\w+)\s*=\s*(.*,)?\s*\([\w\s]*\b(root|ALL)\b[\w\s]*\) 1 ^/etc/sudoers(\.d/.*)?$ ^\s*((?!root\b)[\w]+)\s*(\w+)\s*=\s*(.*,)?\s*[^\(\s] 1 ^/etc/sudoers(\.d/.*)?$ ^Defaults !targetpw$\r?\n 1 ^/etc/sudoers(\.d/.*)?$ ^Defaults !rootpw$\r?\n 1 ^/etc/sudoers(\.d/.*)?$ ^Defaults !runaspw$\r?\n 1 ^/etc/sudoers(\.d/.*)?$ ^Defaults targetpw$\r?\n 1 ^/etc/sudoers(\.d/.*)?$ ^Defaults rootpw$\r?\n 1 ^/etc/sudoers(\.d/.*)?$ ^Defaults runaspw$\r?\n 1 ^/etc/apt/apt.conf.*$ ^(?i)[\s]*Unattended-Upgrade::Remove-Unused-Dependencies(?-i)(=|[\s]+)\"(yes|true|1)\";.*$ 1 ^/etc/apt/apt.conf.*$ ^(?i)[\s]*Unattended-Upgrade::Remove-Unused-Kernel-Packages(?-i)(=|[\s]+)\"(yes|true|1)\";.*$ 1 /etc/dnf/dnf.conf ^\s*\[main\].*(?:\n\s*[^[\s].*)*\n^\s*install_weak_deps[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 ^/etc/dnf/dnf.conf /etc/dnf/automatic.conf ^\s*\[commands\].*(?:\n\s*[^[\s].*)*\n^\s*apply_updates[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 ^/etc/dnf/automatic.conf /etc/dnf/automatic.conf ^\s*\[commands\].*(?:\n\s*[^[\s].*)*\n^\s*upgrade_type[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 ^/etc/dnf/automatic.conf /etc/yum.repos.d ^.*\.repo$ ^\s*\[[^]]+\]\s*\n(?:[^[]*\n)* 1 gpg-pubkey /etc/apt/apt.conf ^\s*gpgcheck\s*=\s*(1|True|yes)\s*$ 1 /etc/apt/apt.conf ^\s*localpkg_gpgcheck\s*=\s*(1|True|yes)\s*$ 1 /etc/yum.repos.d .* ^\s*gpgcheck\s*=\s*0\s*$ 1 /etc/apt/apt.conf ^\s*repo_gpgcheck\s*=\s*(1|True|yes)\s*$ 1 ^/etc/security/pwquality.conf$ ^\s*dcredit[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 ^/etc/security/pwquality.conf$ ^\s*dictcheck[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 ^/etc/security/pwquality.conf$ ^\s*difok[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 /etc/security/pwquality.conf ^[\s]*local_users_only[\s]*$ 1 /etc/security/pwquality.conf ^[\s]*enforcing = 1[\s]*$ 1 ^/etc/security/pwquality.conf$ ^\s*lcredit[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 ^/etc/security/pwquality.conf$ ^\s*maxclassrepeat[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 ^/etc/security/pwquality.conf$ ^\s*maxrepeat[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 ^/etc/security/pwquality.conf$ ^\s*maxsequence[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 ^/etc/security/pwquality.conf$ ^\s*minclass[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 ^/etc/security/pwquality.conf$ ^\s*minlen[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 ^/etc/security/pwquality.conf$ ^\s*ocredit[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 /etc/security/pwhistory.conf ^[\s]*enforce_for_root[\s]*$ 1 ^/etc/security/pwquality.conf$ ^\s*retry[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 ^/etc/security/pwquality.conf$ ^\s*ucredit[\s]*=[\s]*(-?\d+)(?:[\s]|$) 1 /etc/pam.d/common-auth ^\s*auth\s+required\s+pam_faildelay.so.*\sdelay=(-?\d+)(?:\s+.*)? 1 /etc/pam.d/system-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-account 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-auth 1 /etc/security/faillock.conf 1 /etc/pam.d/system-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-account 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-auth 1 /etc/security/faillock.conf 1 /etc/pam.d/system-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-account 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-auth 1 /etc/security/faillock.conf 1 /etc/pam.d/system-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/common-auth 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-account 1 /etc/pam.d/system-auth 1 /etc/pam.d/password-auth 1 /etc/pam.d/common-auth 1 /etc/security/faillock.conf 1 /etc/pam.d/login ^\s*auth(?:(?!\n)\s)+required(?:(?!\n)\s)+pam_tally2.so((?!\n)\s[^\n]+)?(?!\n)\s+file=.*((\s+\S+)*\s*\\*\s*)$ 1 /etc/default/aide ^\s*SILENTREPORTS=(.+?)[ \t]*(?:$|#) 1 ^/etc/default/aide multi-user.target multi-user.target ^apparmor\.(socket|service)$ ActiveState apparmor /etc/audit/rules.d/30-ospp-v42-3-access-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-3-access-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-3-access-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-3-access-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-3-access-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-3-access-success.rules ^.*$ 1 /etc/audit/rules.d/10-base-config.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-1-create-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-1-create-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-1-create-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-1-create-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-1-create-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-1-create-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-4-delete-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-4-delete-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-4-delete-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-4-delete-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-4-delete-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-4-delete-success.rules ^.*$ 1 /etc/audit/rules.d/11-loginuid.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-2-modify-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-2-modify-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-2-modify-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-2-modify-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-2-modify-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-2-modify-success.rules ^.*$ 1 /etc/audit/rules.d/43-module-load.rules ^.*$ 1 /etc/audit/rules.d/43-module-load.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-6-owner-change-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-6-owner-change-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-6-owner-change-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-6-owner-change-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-6-owner-change-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-6-owner-change-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-5-perm-change-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-5-perm-change-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-5-perm-change-failed.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-5-perm-change-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-5-perm-change-success.rules ^.*$ 1 /etc/audit/rules.d/30-ospp-v42-5-perm-change-success.rules ^.*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/init(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/init(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/poweroff(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/poweroff(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/reboot(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/reboot(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/shutdown(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/shutdown(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+chmod[\s]+|([\s]+|[,])chmod([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+chmod[\s]+|([\s]+|[,])chmod([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+chmod[\s]+|([\s]+|[,])chmod([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+chmod[\s]+|([\s]+|[,])chmod([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+chown[\s]+|([\s]+|[,])chown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+chown[\s]+|([\s]+|[,])chown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+chown[\s]+|([\s]+|[,])chown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+chown[\s]+|([\s]+|[,])chown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchmod[\s]+|([\s]+|[,])fchmod([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchmod[\s]+|([\s]+|[,])fchmod([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchmod[\s]+|([\s]+|[,])fchmod([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchmod[\s]+|([\s]+|[,])fchmod([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchmodat[\s]+|([\s]+|[,])fchmodat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchmodat[\s]+|([\s]+|[,])fchmodat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchmodat[\s]+|([\s]+|[,])fchmodat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchmodat[\s]+|([\s]+|[,])fchmodat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchmodat2[\s]+|([\s]+|[,])fchmodat2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchmodat2[\s]+|([\s]+|[,])fchmodat2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchmodat2[\s]+|([\s]+|[,])fchmodat2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchmodat2[\s]+|([\s]+|[,])fchmodat2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchown[\s]+|([\s]+|[,])fchown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchown[\s]+|([\s]+|[,])fchown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchown[\s]+|([\s]+|[,])fchown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchown[\s]+|([\s]+|[,])fchown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchownat[\s]+|([\s]+|[,])fchownat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchownat[\s]+|([\s]+|[,])fchownat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchownat[\s]+|([\s]+|[,])fchownat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchownat[\s]+|([\s]+|[,])fchownat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fremovexattr[\s]+|([\s]+|[,])fremovexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fremovexattr[\s]+|([\s]+|[,])fremovexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fremovexattr[\s]+|([\s]+|[,])fremovexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fremovexattr[\s]+|([\s]+|[,])fremovexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fremovexattr[\s]+|([\s]+|[,])fremovexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fremovexattr[\s]+|([\s]+|[,])fremovexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fremovexattr[\s]+|([\s]+|[,])fremovexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fremovexattr[\s]+|([\s]+|[,])fremovexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fsetxattr[\s]+|([\s]+|[,])fsetxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fsetxattr[\s]+|([\s]+|[,])fsetxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fsetxattr[\s]+|([\s]+|[,])fsetxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fsetxattr[\s]+|([\s]+|[,])fsetxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fsetxattr[\s]+|([\s]+|[,])fsetxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fsetxattr[\s]+|([\s]+|[,])fsetxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fsetxattr[\s]+|([\s]+|[,])fsetxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fsetxattr[\s]+|([\s]+|[,])fsetxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lchown[\s]+|([\s]+|[,])lchown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lchown[\s]+|([\s]+|[,])lchown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lchown[\s]+|([\s]+|[,])lchown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lchown[\s]+|([\s]+|[,])lchown([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lremovexattr[\s]+|([\s]+|[,])lremovexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lremovexattr[\s]+|([\s]+|[,])lremovexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lremovexattr[\s]+|([\s]+|[,])lremovexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lremovexattr[\s]+|([\s]+|[,])lremovexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lremovexattr[\s]+|([\s]+|[,])lremovexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lremovexattr[\s]+|([\s]+|[,])lremovexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lremovexattr[\s]+|([\s]+|[,])lremovexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lremovexattr[\s]+|([\s]+|[,])lremovexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lsetxattr[\s]+|([\s]+|[,])lsetxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lsetxattr[\s]+|([\s]+|[,])lsetxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lsetxattr[\s]+|([\s]+|[,])lsetxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lsetxattr[\s]+|([\s]+|[,])lsetxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lsetxattr[\s]+|([\s]+|[,])lsetxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lsetxattr[\s]+|([\s]+|[,])lsetxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lsetxattr[\s]+|([\s]+|[,])lsetxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lsetxattr[\s]+|([\s]+|[,])lsetxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+removexattr[\s]+|([\s]+|[,])removexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+removexattr[\s]+|([\s]+|[,])removexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+removexattr[\s]+|([\s]+|[,])removexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+removexattr[\s]+|([\s]+|[,])removexattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+removexattr[\s]+|([\s]+|[,])removexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+removexattr[\s]+|([\s]+|[,])removexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+removexattr[\s]+|([\s]+|[,])removexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+removexattr[\s]+|([\s]+|[,])removexattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+setxattr[\s]+|([\s]+|[,])setxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+setxattr[\s]+|([\s]+|[,])setxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+setxattr[\s]+|([\s]+|[,])setxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+setxattr[\s]+|([\s]+|[,])setxattr([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+setxattr[\s]+|([\s]+|[,])setxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+setxattr[\s]+|([\s]+|[,])setxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+setxattr[\s]+|([\s]+|[,])setxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+setxattr[\s]+|([\s]+|[,])setxattr([\s]+|[,])))(?:.*-F\s+auid=0[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+umount2[\s]+|([\s]+|[,])umount2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+umount2[\s]+|([\s]+|[,])umount2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+umount2[\s]+|([\s]+|[,])umount2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+umount2[\s]+|([\s]+|[,])umount2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chacl(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chacl(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chcon(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chcon(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chmod(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chmod(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/restorecon(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/restorecon(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/rm(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/rm(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/semanage(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/semanage(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/setfacl(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/setfacl(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/setfiles(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/setfiles(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/setsebool(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/setsebool(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/seunshare(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/seunshare(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+rename[\s]+|([\s]+|[,])rename([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+rename[\s]+|([\s]+|[,])rename([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+rename[\s]+|([\s]+|[,])rename([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+rename[\s]+|([\s]+|[,])rename([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+renameat[\s]+|([\s]+|[,])renameat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+renameat[\s]+|([\s]+|[,])renameat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+renameat[\s]+|([\s]+|[,])renameat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+renameat[\s]+|([\s]+|[,])renameat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+renameat2[\s]+|([\s]+|[,])renameat2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+renameat2[\s]+|([\s]+|[,])renameat2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+renameat2[\s]+|([\s]+|[,])renameat2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+renameat2[\s]+|([\s]+|[,])renameat2([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+rmdir[\s]+|([\s]+|[,])rmdir([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+rmdir[\s]+|([\s]+|[,])rmdir([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+rmdir[\s]+|([\s]+|[,])rmdir([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+rmdir[\s]+|([\s]+|[,])rmdir([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+unlink[\s]+|([\s]+|[,])unlink([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+unlink[\s]+|([\s]+|[,])unlink([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+unlink[\s]+|([\s]+|[,])unlink([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+unlink[\s]+|([\s]+|[,])unlink([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+unlinkat[\s]+|([\s]+|[,])unlinkat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+unlinkat[\s]+|([\s]+|[,])unlinkat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+unlinkat[\s]+|([\s]+|[,])unlinkat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+unlinkat[\s]+|([\s]+|[,])unlinkat([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+create_module[\s]+|([\s]+|[,])create_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+create_module[\s]+|([\s]+|[,])create_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+create_module[\s]+|([\s]+|[,])create_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+create_module[\s]+|([\s]+|[,])create_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+delete_module[\s]+|([\s]+|[,])delete_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+delete_module[\s]+|([\s]+|[,])delete_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+delete_module[\s]+|([\s]+|[,])delete_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+delete_module[\s]+|([\s]+|[,])delete_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+finit_module[\s]+|([\s]+|[,])finit_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+finit_module[\s]+|([\s]+|[,])finit_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+finit_module[\s]+|([\s]+|[,])finit_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+finit_module[\s]+|([\s]+|[,])finit_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+init_module[\s]+|([\s]+|[,])init_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+init_module[\s]+|([\s]+|[,])init_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+init_module[\s]+|([\s]+|[,])init_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+init_module[\s]+|([\s]+|[,])init_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+query_module[\s]+|([\s]+|[,])query_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+query_module[\s]+|([\s]+|[,])query_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+query_module[\s]+|([\s]+|[,])query_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+query_module[\s]+|([\s]+|[,])query_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+mount[\s]+|([\s]+|[,])mount([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+mount[\s]+|([\s]+|[,])mount([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+mount[\s]+|([\s]+|[,])mount([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+mount[\s]+|([\s]+|[,])mount([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+setdomainname[\s]+|([\s]+|[,])setdomainname([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+setdomainname[\s]+|([\s]+|[,])setdomainname([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+setdomainname[\s]+|([\s]+|[,])setdomainname([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+setdomainname[\s]+|([\s]+|[,])setdomainname([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+sethostname[\s]+|([\s]+|[,])sethostname([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+sethostname[\s]+|([\s]+|[,])sethostname([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+sethostname[\s]+|([\s]+|[,])sethostname([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+sethostname[\s]+|([\s]+|[,])sethostname([\s]+|[,])))(?:.*-F\s+auid>=1000[\s]+)(?:.*-F\s+auid!=(?:4294967295|unset)[\s]+).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/sbin\/apparmor_parser(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/sbin\/apparmor_parser(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/at(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/at(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chage(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chage(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chfn(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chfn(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chsh(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/chsh(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/crontab(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/crontab(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/dbus-1\/dbus-daemon-launch-helper-1(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/dbus-1\/dbus-daemon-launch-helper-1(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/fusermount(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/fusermount(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/fusermount3(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/fusermount3(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/gpasswd(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/gpasswd(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/grub2-set-bootflag(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/grub2-set-bootflag(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/mount(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/mount(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/mount.nfs(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/mount.nfs(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/newgidmap(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/newgidmap(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/newgrp(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/newgrp(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/newuidmap(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/newuidmap(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/pam_timestamp_check(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/pam_timestamp_check(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/passmass(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/passmass(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/passwd(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/passwd(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/pkexec(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/pkexec(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/lib\/polkit-1\/polkit-agent-helper-1(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/lib\/polkit-1\/polkit-agent-helper-1(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/postdrop(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/postdrop(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/postqueue(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/postqueue(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/pt_chown(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/pt_chown(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/ssh-agent(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/ssh-agent(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/lib\/openssh\/ssh-keysign(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/lib\/openssh\/ssh-keysign(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/sssd\/krb5_child(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/sssd\/krb5_child(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/sssd\/ldap_child(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/sssd\/ldap_child(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/sssd\/proxy_child(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/sssd\/proxy_child(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/sssd\/selinux_child(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/sssd\/selinux_child(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/su(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/su(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/sudo(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/sudo(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/sudoedit(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/sudoedit(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/umount(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/umount(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/unix2_chkpwd(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/unix2_chkpwd(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/unix_chkpwd(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/unix_chkpwd(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/unix_update(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/unix_update(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/userhelper(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/userhelper(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/usermod(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/usermod(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/usernetctl(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/sbin\/usernetctl(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/utempter(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/libexec\/utempter(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/write(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+-F[\s]+path=\/usr\/bin\/write(?:[\s]+-F[\s]+perm=x)[\s]+-F[\s]+auid>=1000[\s]+-F[\s]+auid!=(?:4294967295|unset|-1)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 ^/etc/audit/rules\.d/.*\.rules$ 1 /etc/audit/audit.rules 1 /etc/audit/plugins.d/au-remote.conf ^\s*active\s*=\s*(.+?)[ \t]*(?:$|#) 1 ^/etc/audit/plugins.d/au-remote.conf /etc/audit/plugins.d/au-remote.conf ^\s*direction\s*=\s*(.+?)[ \t]*(?:$|#) 1 ^/etc/audit/plugins.d/au-remote.conf /etc/audit/plugins.d/au-remote.conf ^\s*path\s*=\s*(.+?)[ \t]*(?:$|#) 1 ^/etc/audit/plugins.d/au-remote.conf /etc/audit/plugins.d/au-remote.conf ^\s*type\s*=\s*(.+?)[ \t]*(?:$|#) 1 ^/etc/audit/plugins.d/au-remote.conf /etc/audit/auditd.conf ^[ \t]*(?i)freq(?-i)[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 /etc/audit/auditd.conf ^[ \t]*(?i)local_events(?-i)[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 /etc/audit/auditd.conf ^[ \t]*(?i)log_format(?-i)[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 /etc/audit/auditd.conf ^[ \t]*(?i)write_logs(?-i)[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 /etc/audit/auditd.conf ^[ \t]*(?i)write_logs(?-i)[ \t]*=[ \t]* 1 /etc/issue ^.+$ 1 /etc/issue (\\v|\\r|\\m|\\s|ubuntu2204) 1 /etc/issue.net ^.+$ 1 /etc/issue.net (\\v|\\r|\\m|\\s|ubuntu2204) 1 /etc/motd (\\v|\\r|\\m|\\s|ubuntu2204) 1 /etc/chrony/chrony.conf ^\s*makestep (.+?)[ \t]*(?:$|#) 1 ^/etc/chrony/chrony.conf /etc/crypto-policies/policies/modules/ NO-SSHCBC.pmod ^cipher@SSH = \-\*\-CBC$ 1 /etc/usbguard/usbguard-daemon.conf ^[ \\t]*AuditBackend=(.+?)[ \t]*(?:$|#) 1 ^/etc/usbguard/usbguard-daemon.conf /etc/systemd/coredump.conf ^\s*\[Coredump\].*(?:\n\s*[^[\s].*)*\n^[ \t]*ProcessSizeMax\h*=\h*(.+?)[ \t]*(?:$|#) 1 /etc/systemd/coredump.conf.d .*\.conf$ ^\s*\[Coredump\].*(?:\n\s*[^[\s].*)*\n^[ \t]*ProcessSizeMax\h*=\h*(.+?)[ \t]*(?:$|#) 1 /etc/systemd/coredump.conf ^\s*\[Coredump\].*(?:\n\s*[^[\s].*)*\n^[ \t]*Storage\h*=\h*(.+?)[ \t]*(?:$|#) 1 /etc/systemd/coredump.conf.d .*\.conf$ ^\s*\[Coredump\].*(?:\n\s*[^[\s].*)*\n^[ \t]*Storage\h*=\h*(.+?)[ \t]*(?:$|#) 1 ^/boot/loader/entries/ostree-2.*.conf ^/boot/loader/entries/ostree-1.*.conf ^options (.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^options (.*)$ 1 ^/proc/cmdline ^BOOT_IMAGE(.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^/boot/loader/entries/ostree-1.*.conf ^options (.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^options (.*)$ 1 ^/proc/cmdline ^BOOT_IMAGE(.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^/boot/loader/entries/ostree-1.*.conf ^options (.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^options (.*)$ 1 ^/proc/cmdline ^BOOT_IMAGE(.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^/boot/loader/entries/ostree-1.*.conf ^options (.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^options (.*)$ 1 ^/proc/cmdline ^BOOT_IMAGE(.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^/boot/loader/entries/ostree-1.*.conf ^options (.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^options (.*)$ 1 ^/proc/cmdline ^BOOT_IMAGE(.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^/boot/loader/entries/ostree-1.*.conf ^options (.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^options (.*)$ 1 ^/proc/cmdline ^BOOT_IMAGE(.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^/boot/loader/entries/ostree-1.*.conf ^options (.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^options (.*)$ 1 ^/proc/cmdline ^BOOT_IMAGE(.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^/boot/loader/entries/ostree-1.*.conf ^options (.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^options (.*)$ 1 ^/proc/cmdline ^BOOT_IMAGE(.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^/boot/loader/entries/ostree-1.*.conf ^options (.*)$ 1 ^/boot/loader/entries/ostree-2.*.conf ^options (.*)$ 1 ^/proc/cmdline ^BOOT_IMAGE(.*)$ 1 /etc/pam.d/common-password ^\s*password\s+requisite\s+pam_cracklib.so.*\sdcredit=(-?\d+)(?:\s+.*)? 1 /etc/pam.d/common-password ^\s*password\s+requisite\s+pam_cracklib.so.*\sdifok=(-?\d+)(?:\s+.*)? 1 /etc/pam.d/common-password ^\s*password\s+requisite\s+pam_cracklib.so.*\slcredit=(-?\d+)(?:\s+.*)? 1 /etc/pam.d/common-password ^\s*password\s+requisite\s+pam_cracklib.so.*\sminlen=(-?\d+)(?:\s+.*)? 1 /etc/pam.d/common-password ^\s*password\s+requisite\s+pam_cracklib.so.*\socredit=(-?\d+)(?:\s+.*)? 1 /etc/pam.d/common-password ^\s*password\s+requisite\s+pam_cracklib.so.*\sretry=(-?\d+)(?:\s+.*)? 1 /etc/pam.d/common-password ^\s*password\s+requisite\s+pam_cracklib.so.*\sucredit=(-?\d+)(?:\s+.*)? 1 /etc/dconf/db/local.d/ ^.*$ ^\s*\[org/gnome/desktop/lockdown\].*(?:\n\s*[^[\s].*)*\n^\s*user-administration-disabled[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 /etc/dconf/db/local.d/locks ^.*$ ^/org/gnome/desktop/lockdown/user-administration-disabled$ 1 /etc/dconf/db/local.d/ ^.*$ ^\s*\[org/gnome/settings-daemon/peripherals/smartcard\].*(?:\n\s*[^[\s].*)*\n^\s*removal-action[ \t]*=[ \t]*(.+?)[ \t]*(?:$|#) 1 /etc/dconf/db/local.d/locks ^.*$ ^/org/gnome/settings-daemon/peripherals/smartcard/removal-action$ 1 /lib symlink_file_groupowner state_file_groupownerdir_group_ownership_library_dirs_0_0 /lib64 symlink_file_groupowner state_file_groupownerdir_group_ownership_library_dirs_0_0 /usr/lib symlink_file_groupowner state_file_groupownerdir_group_ownership_library_dirs_0_0 /usr/lib64 symlink_file_groupowner state_file_groupownerdir_group_ownership_library_dirs_0_0 /etc/group ^systemd-journal:\w+:(\w+):.* 1 /usr/lib/group ^systemd-journal:\w+:(\w+):.* 1 object_file_groupownerdir_groupowner_system_journal_systemd-journal_gid_etc object_file_groupownerdir_groupowner_system_journal_systemd-journal_gid_usr /run/log/journal symlink_file_groupowner state_file_groupownerdir_groupowner_system_journal_0_systemd-journal /var/log/journal symlink_file_groupowner state_file_groupownerdir_groupowner_system_journal_0_systemd-journal /bin symlink_file_groupowner state_file_groupownerdir_groupownership_binary_dirs_0_0 /sbin symlink_file_groupowner state_file_groupownerdir_groupownership_binary_dirs_0_0 /usr/bin symlink_file_groupowner state_file_groupownerdir_groupownership_binary_dirs_0_0 /usr/sbin symlink_file_groupowner state_file_groupownerdir_groupownership_binary_dirs_0_0 /usr/local/bin symlink_file_groupowner state_file_groupownerdir_groupownership_binary_dirs_0_0 /usr/local/sbin symlink_file_groupowner state_file_groupownerdir_groupownership_binary_dirs_0_0 /run/log/journal symlink_file_owner state_file_ownerdir_owner_system_journal_0_0 /var/log/journal symlink_file_owner state_file_ownerdir_owner_system_journal_0_0 /bin symlink_file_owner state_file_ownerdir_ownership_binary_dirs_0_0 /sbin symlink_file_owner state_file_ownerdir_ownership_binary_dirs_0_0 /usr/bin symlink_file_owner state_file_ownerdir_ownership_binary_dirs_0_0 /usr/sbin symlink_file_owner state_file_ownerdir_ownership_binary_dirs_0_0 /usr/local/bin symlink_file_owner state_file_ownerdir_ownership_binary_dirs_0_0 /usr/local/sbin symlink_file_owner state_file_ownerdir_ownership_binary_dirs_0_0 /lib symlink_file_owner state_file_ownerdir_ownership_library_dirs_0_0 /lib64 symlink_file_owner state_file_ownerdir_ownership_library_dirs_0_0 /usr/lib symlink_file_owner state_file_ownerdir_ownership_library_dirs_0_0 /usr/lib64 symlink_file_owner state_file_ownerdir_ownership_library_dirs_0_0 /bin exclude_symlinks_dir_permissions_binary_dirs state_file_permissionsdir_permissions_binary_dirs_0_mode_0755or_stricter_ /sbin exclude_symlinks_dir_permissions_binary_dirs state_file_permissionsdir_permissions_binary_dirs_1_mode_0755or_stricter_ /usr/bin exclude_symlinks_dir_permissions_binary_dirs state_file_permissionsdir_permissions_binary_dirs_2_mode_0755or_stricter_ /usr/sbin exclude_symlinks_dir_permissions_binary_dirs state_file_permissionsdir_permissions_binary_dirs_3_mode_0755or_stricter_ /usr/local/bin exclude_symlinks_dir_permissions_binary_dirs state_file_permissionsdir_permissions_binary_dirs_4_mode_0755or_stricter_ /usr/local/sbin exclude_symlinks_dir_permissions_binary_dirs state_file_permissionsdir_permissions_binary_dirs_5_mode_0755or_stricter_ /lib exclude_symlinks_dir_permissions_library_dirs state_file_permissionsdir_permissions_library_dirs_0_mode_7755or_stricter_ /lib64 exclude_symlinks_dir_permissions_library_dirs state_file_permissionsdir_permissions_library_dirs_1_mode_7755or_stricter_ /usr/lib exclude_symlinks_dir_permissions_library_dirs state_file_permissionsdir_permissions_library_dirs_2_mode_7755or_stricter_ /usr/lib64 exclude_symlinks_dir_permissions_library_dirs state_file_permissionsdir_permissions_library_dirs_3_mode_7755or_stricter_ /run/log/journal exclude_symlinks_dir_permissions_system_journal state_file_permissionsdir_permissions_system_journal_0_mode_2750or_stricter_ /var/log/journal exclude_symlinks_dir_permissions_system_journal state_file_permissionsdir_permissions_system_journal_1_mode_2750or_stricter_ /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerdirectory_groupowner_etc_ipsecd_root_gid_etc object_file_groupownerdirectory_groupowner_etc_ipsecd_root_gid_usr /etc/ipsec.d symlink_file_groupowner state_file_groupownerdirectory_groupowner_etc_ipsecd_0_root /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerdirectory_groupowner_etc_iptables_root_gid_etc object_file_groupownerdirectory_groupowner_etc_iptables_root_gid_usr /etc/iptables symlink_file_groupowner state_file_groupownerdirectory_groupowner_etc_iptables_0_root /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerdirectory_groupowner_etc_nftables_root_gid_etc object_file_groupownerdirectory_groupowner_etc_nftables_root_gid_usr /etc/nftables symlink_file_groupowner state_file_groupownerdirectory_groupowner_etc_nftables_0_root /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerdirectory_groupowner_etc_selinux_root_gid_etc object_file_groupownerdirectory_groupowner_etc_selinux_root_gid_usr /etc/selinux symlink_file_groupowner state_file_groupownerdirectory_groupowner_etc_selinux_0_root /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerdirectory_groupowner_etc_sudoersd_root_gid_etc object_file_groupownerdirectory_groupowner_etc_sudoersd_root_gid_usr /etc/sudoers.d symlink_file_groupowner state_file_groupownerdirectory_groupowner_etc_sudoersd_0_root /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerdirectory_groupowner_etc_sysctld_root_gid_etc object_file_groupownerdirectory_groupowner_etc_sysctld_root_gid_usr /etc/sysctl.d symlink_file_groupowner state_file_groupownerdirectory_groupowner_etc_sysctld_0_root /etc/ssh/sshd_config.d symlink_file_groupowner state_file_groupownerdirectory_groupowner_sshd_config_d_0_0 /etc/ipsec.d symlink_file_owner state_file_ownerdirectory_owner_etc_ipsecd_0_0 /etc/iptables symlink_file_owner state_file_ownerdirectory_owner_etc_iptables_0_0 /etc/nftables symlink_file_owner state_file_ownerdirectory_owner_etc_nftables_0_0 /etc/selinux symlink_file_owner state_file_ownerdirectory_owner_etc_selinux_0_0 /etc/sudoers.d symlink_file_owner state_file_ownerdirectory_owner_etc_sudoersd_0_0 /etc/sysctl.d symlink_file_owner state_file_ownerdirectory_owner_etc_sysctld_0_0 /etc/ssh/sshd_config.d symlink_file_owner state_file_ownerdirectory_owner_sshd_config_d_0_0 /etc/ipsec.d exclude_symlinks_directory_permissions_etc_ipsecd state_file_permissionsdirectory_permissions_etc_ipsecd_0_mode_0700or_stricter_ /etc/iptables exclude_symlinks_directory_permissions_etc_iptables state_file_permissionsdirectory_permissions_etc_iptables_0_mode_0700or_stricter_ /etc/nftables exclude_symlinks_directory_permissions_etc_nftables state_file_permissionsdirectory_permissions_etc_nftables_0_mode_0700or_stricter_ /etc/selinux exclude_symlinks_directory_permissions_etc_selinux state_file_permissionsdirectory_permissions_etc_selinux_0_mode_0755or_stricter_ /etc/sudoers.d exclude_symlinks_directory_permissions_etc_sudoersd state_file_permissionsdirectory_permissions_etc_sudoersd_0_mode_0750or_stricter_ /etc/sysctl.d exclude_symlinks_directory_permissions_etc_sysctld state_file_permissionsdirectory_permissions_etc_sysctld_0_mode_0755or_stricter_ /etc/ssh/sshd_config.d exclude_symlinks_directory_permissions_sshd_config_d state_file_permissionsdirectory_permissions_sshd_config_d_0_mode_0700or_stricter_ /etc/ssh/sshd_config ^[ \t]*(?i)HostbasedAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)HostbasedAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_disable_host_auth obj_disable_host_auth_config_dir /etc/at.allow /etc/at.deny /sbin/auditctl symlink_file_groupowner state_file_groupownerfile_audit_tools_group_ownership_0_0 /sbin/aureport symlink_file_groupowner state_file_groupownerfile_audit_tools_group_ownership_0_0 /sbin/ausearch symlink_file_groupowner state_file_groupownerfile_audit_tools_group_ownership_0_0 /sbin/autrace symlink_file_groupowner state_file_groupownerfile_audit_tools_group_ownership_0_0 /sbin/auditd symlink_file_groupowner state_file_groupownerfile_audit_tools_group_ownership_0_0 /sbin/rsyslogd symlink_file_groupowner state_file_groupownerfile_audit_tools_group_ownership_0_0 /sbin/augenrules symlink_file_groupowner state_file_groupownerfile_audit_tools_group_ownership_0_0 /sbin/auditctl symlink_file_owner state_file_ownerfile_audit_tools_ownership_0_0 /sbin/aureport symlink_file_owner state_file_ownerfile_audit_tools_ownership_0_0 /sbin/ausearch symlink_file_owner state_file_ownerfile_audit_tools_ownership_0_0 /sbin/autrace symlink_file_owner state_file_ownerfile_audit_tools_ownership_0_0 /sbin/auditd symlink_file_owner state_file_ownerfile_audit_tools_ownership_0_0 /sbin/rsyslogd symlink_file_owner state_file_ownerfile_audit_tools_ownership_0_0 /sbin/augenrules symlink_file_owner state_file_ownerfile_audit_tools_ownership_0_0 /sbin/auditctl exclude_symlinks_file_audit_tools_permissions state_file_permissionsfile_audit_tools_permissions_0_mode_0755or_stricter_ /sbin/aureport exclude_symlinks_file_audit_tools_permissions state_file_permissionsfile_audit_tools_permissions_1_mode_0755or_stricter_ /sbin/ausearch exclude_symlinks_file_audit_tools_permissions state_file_permissionsfile_audit_tools_permissions_2_mode_0755or_stricter_ /sbin/autrace exclude_symlinks_file_audit_tools_permissions state_file_permissionsfile_audit_tools_permissions_3_mode_0755or_stricter_ /sbin/auditd exclude_symlinks_file_audit_tools_permissions state_file_permissionsfile_audit_tools_permissions_4_mode_0755or_stricter_ /sbin/rsyslogd exclude_symlinks_file_audit_tools_permissions state_file_permissionsfile_audit_tools_permissions_5_mode_0755or_stricter_ /sbin/augenrules exclude_symlinks_file_audit_tools_permissions state_file_permissionsfile_audit_tools_permissions_6_mode_0755or_stricter_ /etc/cron.allow /etc/cron.deny /etc/at.allow symlink_file_groupowner state_file_groupowner_at_allow_0_0 /etc/at.deny symlink_file_groupowner state_file_groupowner_at_deny_0_0 /etc/group- symlink_file_groupowner state_file_groupowner_backup_etc_group_0_0 /etc/gshadow- symlink_file_groupowner state_file_groupowner_backup_etc_gshadow_0_42 /etc/passwd- symlink_file_groupowner state_file_groupowner_backup_etc_passwd_0_0 /etc/shadow- symlink_file_groupowner state_file_groupowner_backup_etc_shadow_0_42 /etc/group ^crontab:\w+:(\w+):.* 1 /usr/lib/group ^crontab:\w+:(\w+):.* 1 object_file_groupowner_cron_allow_crontab_gid_etc object_file_groupowner_cron_allow_crontab_gid_usr /etc/cron.allow symlink_file_groupowner state_file_groupowner_cron_allow_0_crontab /etc/cron.d symlink_file_groupowner state_file_groupowner_cron_d_0_0 /etc/cron.daily symlink_file_groupowner state_file_groupowner_cron_daily_0_0 /etc/cron.deny symlink_file_groupowner state_file_groupowner_cron_deny_0_0 /etc/cron.hourly symlink_file_groupowner state_file_groupowner_cron_hourly_0_0 /etc/cron.monthly symlink_file_groupowner state_file_groupowner_cron_monthly_0_0 /etc/cron.weekly symlink_file_groupowner state_file_groupowner_cron_weekly_0_0 /etc/cron.yearly symlink_file_groupowner state_file_groupowner_cron_yearly_0_0 /etc/crontab symlink_file_groupowner state_file_groupowner_crontab_0_0 /boot/grub/grub.cfg symlink_file_groupowner state_file_groupowner_efi_grub2_cfg_0_0 /boot/grub/user.cfg symlink_file_groupowner state_file_groupowner_efi_user_cfg_0_0 /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_etc_crypttab_root_gid_etc object_file_groupowner_etc_crypttab_root_gid_usr /etc/crypttab symlink_file_groupowner state_file_groupowner_etc_crypttab_0_root /etc/group symlink_file_groupowner state_file_groupowner_etc_group_0_0 /etc/gshadow symlink_file_groupowner state_file_groupowner_etc_gshadow_0_42 /etc/hosts.allow symlink_file_groupowner state_file_groupowner_etc_hosts_allow_0_0 /etc/hosts.deny symlink_file_groupowner state_file_groupowner_etc_hosts_deny_0_0 /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_etc_ipsec_conf_root_gid_etc object_file_groupowner_etc_ipsec_conf_root_gid_usr /etc/ipsec.conf symlink_file_groupowner state_file_groupowner_etc_ipsec_conf_0_root /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_etc_ipsec_secrets_root_gid_etc object_file_groupowner_etc_ipsec_secrets_root_gid_usr /etc/ipsec.secrets symlink_file_groupowner state_file_groupowner_etc_ipsec_secrets_0_root /etc/issue symlink_file_groupowner state_file_groupowner_etc_issue_0_0 /etc/issue.net symlink_file_groupowner state_file_groupowner_etc_issue_net_0_0 /etc/motd symlink_file_groupowner state_file_groupowner_etc_motd_0_0 /etc/passwd symlink_file_groupowner state_file_groupowner_etc_passwd_0_0 /etc/security/opasswd symlink_file_groupowner state_file_groupowner_etc_security_opasswd_0_0 /etc/security/opasswd.old symlink_file_groupowner state_file_groupowner_etc_security_opasswd_old_0_0 /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_etc_sestatus_conf_root_gid_etc object_file_groupowner_etc_sestatus_conf_root_gid_usr /etc/sestatus.conf symlink_file_groupowner state_file_groupowner_etc_sestatus_conf_0_root /etc/shadow symlink_file_groupowner state_file_groupowner_etc_shadow_0_42 /etc/shells symlink_file_groupowner state_file_groupowner_etc_shells_0_0 /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_etc_sudoers_root_gid_etc object_file_groupowner_etc_sudoers_root_gid_usr /etc/sudoers symlink_file_groupowner state_file_groupowner_etc_sudoers_0_root /boot/grub/grub.cfg symlink_file_groupowner state_file_groupowner_grub2_cfg_0_0 /usr/bin/journalctl symlink_file_groupowner state_file_groupowner_journalctl_0_0 /etc/ssh/sshd_config symlink_file_groupowner state_file_groupowner_sshd_config_0_0 /etc/ssh/sshd_config.d ^.*$ symlink_file_groupowner state_file_groupowner_sshd_drop_in_config_0_0 /etc/group ^systemd-journal:\w+:(\w+):.* 1 /usr/lib/group ^systemd-journal:\w+:(\w+):.* 1 object_file_groupowner_system_journal_systemd-journal_gid_etc object_file_groupowner_system_journal_systemd-journal_gid_usr /run/log/journal ^.*$ symlink_file_groupowner state_file_groupowner_system_journal_0_systemd-journal /var/log/journal ^.*$ symlink_file_groupowner state_file_groupowner_system_journal_0_systemd-journal /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_systemmap_root_gid_etc object_file_groupowner_systemmap_root_gid_usr /boot ^.*System\.map.*$ symlink_file_groupowner state_file_groupowner_systemmap_0_root /boot/grub/user.cfg symlink_file_groupowner state_file_groupowner_user_cfg_0_0 /etc/group ^syslog:\w+:(\w+):.* 1 /usr/lib/group ^syslog:\w+:(\w+):.* 1 object_file_groupowner_var_log_syslog_gid_etc object_file_groupowner_var_log_syslog_gid_usr /var/log symlink_file_groupowner state_file_groupowner_var_log_0_syslog /etc/group ^adm:\w+:(\w+):.* 1 /usr/lib/group ^adm:\w+:(\w+):.* 1 object_file_groupowner_var_log_auth_adm_gid_etc object_file_groupowner_var_log_auth_adm_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_var_log_auth_root_gid_etc object_file_groupowner_var_log_auth_root_gid_usr /var/log/auth.log symlink_file_groupowner state_file_groupowner_var_log_auth_0_adm state_file_groupowner_var_log_auth_1_root /etc/group ^adm:\w+:(\w+):.* 1 /usr/lib/group ^adm:\w+:(\w+):.* 1 object_file_groupowner_var_log_cloud_init_adm_gid_etc object_file_groupowner_var_log_cloud_init_adm_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_var_log_cloud_init_root_gid_etc object_file_groupowner_var_log_cloud_init_root_gid_usr /var/log .*cloud-init\.log.* symlink_file_groupowner state_file_groupowner_var_log_cloud_init_0_adm state_file_groupowner_var_log_cloud_init_1_root /etc/group ^systemd-journal:\w+:(\w+):.* 1 /usr/lib/group ^systemd-journal:\w+:(\w+):.* 1 object_file_groupowner_var_log_journal_systemd-journal_gid_etc object_file_groupowner_var_log_journal_systemd-journal_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_var_log_journal_root_gid_etc object_file_groupowner_var_log_journal_root_gid_usr /var/log .*\.journal[~]? symlink_file_groupowner state_file_groupowner_var_log_journal_0_systemd-journal state_file_groupowner_var_log_journal_1_root /etc/group ^utmp:\w+:(\w+):.* 1 /usr/lib/group ^utmp:\w+:(\w+):.* 1 object_file_groupowner_var_log_lastlog_utmp_gid_etc object_file_groupowner_var_log_lastlog_utmp_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_var_log_lastlog_root_gid_etc object_file_groupowner_var_log_lastlog_root_gid_usr /var/log .*lastlog(\.[^\/]+)? symlink_file_groupowner state_file_groupowner_var_log_lastlog_0_utmp state_file_groupowner_var_log_lastlog_1_root /etc/group ^adm:\w+:(\w+):.* 1 /usr/lib/group ^adm:\w+:(\w+):.* 1 object_file_groupowner_var_log_localmessages_adm_gid_etc object_file_groupowner_var_log_localmessages_adm_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_var_log_localmessages_root_gid_etc object_file_groupowner_var_log_localmessages_root_gid_usr /var/log .*localmessages.* symlink_file_groupowner state_file_groupowner_var_log_localmessages_0_adm state_file_groupowner_var_log_localmessages_1_root /var/log/messages symlink_file_groupowner state_file_groupowner_var_log_messages_0_0 /etc/group ^adm:\w+:(\w+):.* 1 /usr/lib/group ^adm:\w+:(\w+):.* 1 object_file_groupowner_var_log_secure_adm_gid_etc object_file_groupowner_var_log_secure_adm_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_var_log_secure_root_gid_etc object_file_groupowner_var_log_secure_root_gid_usr /var/log .*secure(.*[-\.].*)? symlink_file_groupowner state_file_groupowner_var_log_secure_0_adm state_file_groupowner_var_log_secure_1_root /var/log/syslog symlink_file_groupowner state_file_groupowner_var_log_syslog_0_4 /etc/group ^adm:\w+:(\w+):.* 1 /usr/lib/group ^adm:\w+:(\w+):.* 1 object_file_groupowner_var_log_waagent_adm_gid_etc object_file_groupowner_var_log_waagent_adm_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_var_log_waagent_root_gid_etc object_file_groupowner_var_log_waagent_root_gid_usr /var/log .*waagent.log.* symlink_file_groupowner state_file_groupowner_var_log_waagent_0_adm state_file_groupowner_var_log_waagent_1_root /etc/group ^utmp:\w+:(\w+):.* 1 /usr/lib/group ^utmp:\w+:(\w+):.* 1 object_file_groupowner_var_log_wbtmp_utmp_gid_etc object_file_groupowner_var_log_wbtmp_utmp_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupowner_var_log_wbtmp_root_gid_etc object_file_groupowner_var_log_wbtmp_root_gid_usr /var/log .*(b|w)tmp((\.|-)[^\/]+)? symlink_file_groupowner state_file_groupowner_var_log_wbtmp_0_utmp state_file_groupowner_var_log_wbtmp_1_root /sbin/auditctl symlink_file_groupowner state_file_groupownership_audit_binaries_0_0 /sbin/aureport symlink_file_groupowner state_file_groupownership_audit_binaries_0_0 /sbin/ausearch symlink_file_groupowner state_file_groupownership_audit_binaries_0_0 /sbin/autrace symlink_file_groupowner state_file_groupownership_audit_binaries_0_0 /sbin/auditd symlink_file_groupowner state_file_groupownership_audit_binaries_0_0 /sbin/augenrules symlink_file_groupowner state_file_groupownership_audit_binaries_0_0 /etc/audit ^.*audit(\.rules|d\.conf)$ symlink_file_groupowner state_file_groupownership_audit_configuration_0_0 /etc/audit/rules.d ^.*\.rules$ symlink_file_groupowner state_file_groupownership_audit_configuration_0_0 /usr/bin/lastlog symlink_file_groupowner state_file_groupownership_lastlog_0_0 /etc/ssh ^.*_key$ symlink_file_groupowner state_file_groupownership_sshd_private_key_0_0 /etc/ssh ^.*\.pub$ symlink_file_groupowner state_file_groupownership_sshd_pub_key_0_0 /etc/group ^adm:\w+:(\w+):.* 1 /usr/lib/group ^adm:\w+:(\w+):.* 1 object_file_groupownerships_var_log_apt_adm_gid_etc object_file_groupownerships_var_log_apt_adm_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerships_var_log_apt_root_gid_etc object_file_groupownerships_var_log_apt_root_gid_usr /var/log/apt .* symlink_file_groupowner state_file_groupownerships_var_log_apt_0_adm state_file_groupownerships_var_log_apt_1_root /etc/group ^gdm:\w+:(\w+):.* 1 /usr/lib/group ^gdm:\w+:(\w+):.* 1 object_file_groupownerships_var_log_gdm_gdm_gid_etc object_file_groupownerships_var_log_gdm_gdm_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerships_var_log_gdm_root_gid_etc object_file_groupownerships_var_log_gdm_root_gid_usr /var/log/gdm .* symlink_file_groupowner state_file_groupownerships_var_log_gdm_0_gdm state_file_groupownerships_var_log_gdm_1_root /etc/group ^gdm:\w+:(\w+):.* 1 /usr/lib/group ^gdm:\w+:(\w+):.* 1 object_file_groupownerships_var_log_gdm3_gdm_gid_etc object_file_groupownerships_var_log_gdm3_gdm_gid_usr /etc/group ^gdm3:\w+:(\w+):.* 1 /usr/lib/group ^gdm3:\w+:(\w+):.* 1 object_file_groupownerships_var_log_gdm3_gdm3_gid_etc object_file_groupownerships_var_log_gdm3_gdm3_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerships_var_log_gdm3_root_gid_etc object_file_groupownerships_var_log_gdm3_root_gid_usr /var/log/gdm3 .* symlink_file_groupowner state_file_groupownerships_var_log_gdm3_0_gdm state_file_groupownerships_var_log_gdm3_1_gdm3 state_file_groupownerships_var_log_gdm3_2_root /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerships_var_log_landscape_root_gid_etc object_file_groupownerships_var_log_landscape_root_gid_usr /etc/group ^landscape:\w+:(\w+):.* 1 /usr/lib/group ^landscape:\w+:(\w+):.* 1 object_file_groupownerships_var_log_landscape_landscape_gid_etc object_file_groupownerships_var_log_landscape_landscape_gid_usr /var/log/landscape ^.*$ symlink_file_groupowner state_file_groupownerships_var_log_landscape_0_root state_file_groupownerships_var_log_landscape_1_landscape /etc/group ^sssd:\w+:(\w+):.* 1 /usr/lib/group ^sssd:\w+:(\w+):.* 1 object_file_groupownerships_var_log_sssd_sssd_gid_etc object_file_groupownerships_var_log_sssd_sssd_gid_usr /etc/group ^root:\w+:(\w+):.* 1 /usr/lib/group ^root:\w+:(\w+):.* 1 object_file_groupownerships_var_log_sssd_root_gid_etc object_file_groupownerships_var_log_sssd_root_gid_usr /var/log/sssd .* symlink_file_groupowner state_file_groupownerships_var_log_sssd_0_sssd state_file_groupownerships_var_log_sssd_1_root /etc/at.allow symlink_file_owner state_file_owner_at_allow_0_0 /etc/at.deny symlink_file_owner state_file_owner_at_deny_0_0 /etc/group- symlink_file_owner state_file_owner_backup_etc_group_0_0 /etc/gshadow- symlink_file_owner state_file_owner_backup_etc_gshadow_0_0 /etc/passwd- symlink_file_owner state_file_owner_backup_etc_passwd_0_0 /etc/shadow- symlink_file_owner state_file_owner_backup_etc_shadow_0_0 /etc/cron.allow symlink_file_owner state_file_owner_cron_allow_0_0 /etc/cron.d symlink_file_owner state_file_owner_cron_d_0_0 /etc/cron.daily symlink_file_owner state_file_owner_cron_daily_0_0 /etc/cron.deny symlink_file_owner state_file_owner_cron_deny_0_0 /etc/cron.hourly symlink_file_owner state_file_owner_cron_hourly_0_0 /etc/cron.monthly symlink_file_owner state_file_owner_cron_monthly_0_0 /etc/cron.weekly symlink_file_owner state_file_owner_cron_weekly_0_0 /etc/cron.yearly symlink_file_owner state_file_owner_cron_yearly_0_0 /etc/crontab symlink_file_owner state_file_owner_crontab_0_0 /boot/grub/grub.cfg symlink_file_owner state_file_owner_efi_grub2_cfg_0_0 /boot/grub/user.cfg symlink_file_owner state_file_owner_efi_user_cfg_0_0 /etc/chrony.keys symlink_file_owner state_file_owner_etc_chrony_keys_0_0 /etc/crypttab symlink_file_owner state_file_owner_etc_crypttab_0_0 /etc/group symlink_file_owner state_file_owner_etc_group_0_0 /etc/gshadow symlink_file_owner state_file_owner_etc_gshadow_0_0 /etc/hosts.allow symlink_file_owner state_file_owner_etc_hosts_allow_0_0 /etc/hosts.deny symlink_file_owner state_file_owner_etc_hosts_deny_0_0 /etc/ipsec.conf symlink_file_owner state_file_owner_etc_ipsec_conf_0_0 /etc/ipsec.secrets symlink_file_owner state_file_owner_etc_ipsec_secrets_0_0 /etc/issue symlink_file_owner state_file_owner_etc_issue_0_0 /etc/issue.net symlink_file_owner state_file_owner_etc_issue_net_0_0 /etc/motd symlink_file_owner state_file_owner_etc_motd_0_0 /etc/passwd symlink_file_owner state_file_owner_etc_passwd_0_0 /etc/security/opasswd symlink_file_owner state_file_owner_etc_security_opasswd_0_0 /etc/security/opasswd.old symlink_file_owner state_file_owner_etc_security_opasswd_old_0_0 /etc/sestatus.conf symlink_file_owner state_file_owner_etc_sestatus_conf_0_0 /etc/shadow symlink_file_owner state_file_owner_etc_shadow_0_0 /etc/shells symlink_file_owner state_file_owner_etc_shells_0_0 /etc/sudoers symlink_file_owner state_file_owner_etc_sudoers_0_0 /boot/grub/grub.cfg symlink_file_owner state_file_owner_grub2_cfg_0_0 /usr/bin/journalctl symlink_file_owner state_file_owner_journalctl_0_0 /etc/ssh/sshd_config symlink_file_owner state_file_owner_sshd_config_0_0 /etc/ssh/sshd_config.d ^.*$ symlink_file_owner state_file_owner_sshd_drop_in_config_0_0 /run/log/journal ^.*$ symlink_file_owner state_file_owner_system_journal_0_0 /var/log/journal ^.*$ symlink_file_owner state_file_owner_system_journal_0_0 /boot ^.*System\.map.*$ symlink_file_owner state_file_owner_systemmap_0_0 /boot/grub/user.cfg symlink_file_owner state_file_owner_user_cfg_0_0 /var/log symlink_file_owner state_file_owner_var_log_0_0 syslog root /var/log/auth.log symlink_file_owner state_file_owner_var_log_auth_0_syslog state_file_owner_var_log_auth_1_root syslog root /var/log .*cloud-init\.log.* symlink_file_owner state_file_owner_var_log_cloud_init_0_syslog state_file_owner_var_log_cloud_init_1_root /var/log .*\.journal(~)?$ symlink_file_owner state_file_owner_var_log_journal_0_0 /var/log .*lastlog(\.[^\/]+)?$ symlink_file_owner state_file_owner_var_log_lastlog_0_0 syslog root /var/log .*localmessages.* symlink_file_owner state_file_owner_var_log_localmessages_0_syslog state_file_owner_var_log_localmessages_1_root /var/log/messages symlink_file_owner state_file_owner_var_log_messages_0_0 syslog root /var/log .*secure(.*[-\.].*)? symlink_file_owner state_file_owner_var_log_secure_0_syslog state_file_owner_var_log_secure_1_root syslog /var/log/syslog symlink_file_owner state_file_owner_var_log_syslog_0_syslog syslog root /var/log .*waagent.log.* symlink_file_owner state_file_owner_var_log_waagent_0_syslog state_file_owner_var_log_waagent_1_root /var/log .*(b|w)tmp((\.|-)[^\/]+)?$ symlink_file_owner state_file_owner_var_log_wbtmp_0_0 /sbin/auditctl symlink_file_owner state_file_ownership_audit_binaries_0_0 /sbin/aureport symlink_file_owner state_file_ownership_audit_binaries_0_0 /sbin/ausearch symlink_file_owner state_file_ownership_audit_binaries_0_0 /sbin/autrace symlink_file_owner state_file_ownership_audit_binaries_0_0 /sbin/auditd symlink_file_owner state_file_ownership_audit_binaries_0_0 /sbin/augenrules symlink_file_owner state_file_ownership_audit_binaries_0_0 /etc/audit ^.*audit(\.rules|d\.conf)$ symlink_file_owner state_file_ownership_audit_configuration_0_0 /etc/audit/rules.d ^.*\.rules$ symlink_file_owner state_file_ownership_audit_configuration_0_0 /usr/bin/lastlog symlink_file_owner state_file_ownership_lastlog_0_0 /lib ^.*$ symlink_file_owner state_file_ownership_library_dirs_0_0 /lib64 ^.*$ symlink_file_owner state_file_ownership_library_dirs_0_0 /usr/lib ^.*$ symlink_file_owner state_file_ownership_library_dirs_0_0 /usr/lib64 ^.*$ symlink_file_owner state_file_ownership_library_dirs_0_0 /etc/ssh ^.*_key$ symlink_file_owner state_file_ownership_sshd_private_key_0_0 /etc/ssh ^.*\.pub$ symlink_file_owner state_file_ownership_sshd_pub_key_0_0 /var/log/apt ^.*$ symlink_file_owner state_file_ownerships_var_log_apt_0_0 /var/log/gdm .* symlink_file_owner state_file_ownerships_var_log_gdm_0_0 /var/log/gdm3 .* symlink_file_owner state_file_ownerships_var_log_gdm3_0_0 root landscape /var/log/landscape ^.*$ symlink_file_owner state_file_ownerships_var_log_landscape_0_root state_file_ownerships_var_log_landscape_1_landscape sssd root /var/log/sssd .* symlink_file_owner state_file_ownerships_var_log_sssd_0_sssd state_file_ownerships_var_log_sssd_1_root /etc/at.allow exclude_symlinks__at_allow state_file_permissions_at_allow_0_mode_0640or_stricter_ /etc/at.deny exclude_symlinks__at_deny state_file_permissions_at_deny_0_mode_0640or_stricter_ /sbin/auditctl exclude_symlinks__audit_binaries state_file_permissions_audit_binaries_0_mode_0755or_stricter_ /sbin/aureport exclude_symlinks__audit_binaries state_file_permissions_audit_binaries_1_mode_0755or_stricter_ /sbin/ausearch exclude_symlinks__audit_binaries state_file_permissions_audit_binaries_2_mode_0755or_stricter_ /sbin/autrace exclude_symlinks__audit_binaries state_file_permissions_audit_binaries_3_mode_0755or_stricter_ /sbin/auditd exclude_symlinks__audit_binaries state_file_permissions_audit_binaries_4_mode_0755or_stricter_ /sbin/augenrules exclude_symlinks__audit_binaries state_file_permissions_audit_binaries_5_mode_0755or_stricter_ /etc/audit ^.*audit(\.rules|d\.conf)$ exclude_symlinks__audit_configuration state_file_permissions_audit_configuration_0_mode_0640or_stricter_ /etc/audit/rules.d ^.*\.rules$ exclude_symlinks__audit_configuration state_file_permissions_audit_configuration_1_mode_0640or_stricter_ /etc/group- exclude_symlinks__backup_etc_group state_file_permissions_backup_etc_group_0_mode_0644or_stricter_ /etc/gshadow- exclude_symlinks__backup_etc_gshadow state_file_permissions_backup_etc_gshadow_0_mode_0640or_stricter_ /etc/passwd- exclude_symlinks__backup_etc_passwd state_file_permissions_backup_etc_passwd_0_mode_0644or_stricter_ /etc/shadow- exclude_symlinks__backup_etc_shadow state_file_permissions_backup_etc_shadow_0_mode_0640or_stricter_ /etc/cron.allow exclude_symlinks__cron_allow state_file_permissions_cron_allow_0_mode_0640or_stricter_ /etc/cron.d exclude_symlinks__cron_d state_file_permissions_cron_d_0_mode_0700or_stricter_ /etc/cron.daily exclude_symlinks__cron_daily state_file_permissions_cron_daily_0_mode_0700or_stricter_ /etc/cron.hourly exclude_symlinks__cron_hourly state_file_permissions_cron_hourly_0_mode_0700or_stricter_ /etc/cron.monthly exclude_symlinks__cron_monthly state_file_permissions_cron_monthly_0_mode_0700or_stricter_ /etc/cron.weekly exclude_symlinks__cron_weekly state_file_permissions_cron_weekly_0_mode_0700or_stricter_ /etc/cron.yearly exclude_symlinks__cron_yearly state_file_permissions_cron_yearly_0_mode_0700or_stricter_ /etc/crontab exclude_symlinks__crontab state_file_permissions_crontab_0_mode_0600or_stricter_ /boot/grub/grub.cfg exclude_symlinks__efi_grub2_cfg state_file_permissions_efi_grub2_cfg_0_mode_0700or_stricter_ /boot/grub/user.cfg exclude_symlinks__efi_user_cfg state_file_permissions_efi_user_cfg_0_mode_0700or_stricter_ /etc/audit/auditd.conf exclude_symlinks__etc_audit_auditd state_file_permissions_etc_audit_auditd_0_mode_0640or_stricter_ /etc/audit/audit.rules exclude_symlinks__etc_audit_rules state_file_permissions_etc_audit_rules_0_mode_0640or_stricter_ /etc/audit/rules.d ^.*rules$ exclude_symlinks__etc_audit_rulesd state_file_permissions_etc_audit_rulesd_0_mode_0600or_stricter_ /etc/chrony.keys exclude_symlinks__etc_chrony_keys state_file_permissions_etc_chrony_keys_0_mode_0640or_stricter_ /etc/crypttab exclude_symlinks__etc_crypttab state_file_permissions_etc_crypttab_0_mode_0600or_stricter_ /etc/group exclude_symlinks__etc_group state_file_permissions_etc_group_0_mode_0644or_stricter_ /etc/gshadow exclude_symlinks__etc_gshadow state_file_permissions_etc_gshadow_0_mode_0640or_stricter_ /etc/hosts.allow exclude_symlinks__etc_hosts_allow state_file_permissions_etc_hosts_allow_0_mode_0644or_stricter_ /etc/hosts.deny exclude_symlinks__etc_hosts_deny state_file_permissions_etc_hosts_deny_0_mode_0644or_stricter_ /etc/ipsec.conf exclude_symlinks__etc_ipsec_conf state_file_permissions_etc_ipsec_conf_0_mode_0644or_stricter_ /etc/ipsec.secrets exclude_symlinks__etc_ipsec_secrets state_file_permissions_etc_ipsec_secrets_0_mode_0644or_stricter_ /etc/issue exclude_symlinks__etc_issue state_file_permissions_etc_issue_0_mode_0644or_stricter_ /etc/issue.net exclude_symlinks__etc_issue_net state_file_permissions_etc_issue_net_0_mode_0644or_stricter_ /etc/motd exclude_symlinks__etc_motd state_file_permissions_etc_motd_0_mode_0644or_stricter_ /etc/passwd exclude_symlinks__etc_passwd state_file_permissions_etc_passwd_0_mode_0644or_stricter_ /etc/security/opasswd exclude_symlinks__etc_security_opasswd state_file_permissions_etc_security_opasswd_0_mode_0600or_stricter_ /etc/security/opasswd.old exclude_symlinks__etc_security_opasswd_old state_file_permissions_etc_security_opasswd_old_0_mode_0600or_stricter_ /etc/sestatus.conf exclude_symlinks__etc_sestatus_conf state_file_permissions_etc_sestatus_conf_0_mode_0644or_stricter_ /etc/shadow exclude_symlinks__etc_shadow state_file_permissions_etc_shadow_0_mode_0640or_stricter_ /etc/shells exclude_symlinks__etc_shells state_file_permissions_etc_shells_0_mode_0644or_stricter_ /etc/sudoers exclude_symlinks__etc_sudoers state_file_permissions_etc_sudoers_0_mode_0440or_stricter_ /boot/grub/grub.cfg exclude_symlinks__grub2_cfg state_file_permissions_grub2_cfg_0_mode_0600or_stricter_ /usr/bin/journalctl exclude_symlinks__journalctl state_file_permissions_journalctl_0_mode_0740or_stricter_ /usr/bin/lastlog exclude_symlinks__lastlog state_file_permissions_lastlog_0_mode_0750or_stricter_ /lib ^.*$ exclude_symlinks__library_dirs state_file_permissions_library_dirs_0_mode_7755or_stricter_ /lib64 ^.*$ exclude_symlinks__library_dirs state_file_permissions_library_dirs_1_mode_7755or_stricter_ /usr/lib ^.*$ exclude_symlinks__library_dirs state_file_permissions_library_dirs_2_mode_7755or_stricter_ /usr/lib64 ^.*$ exclude_symlinks__library_dirs state_file_permissions_library_dirs_3_mode_7755or_stricter_ /etc/ssh/sshd_config exclude_symlinks__sshd_config state_file_permissions_sshd_config_0_mode_0600or_stricter_ /etc/ssh/sshd_config.d ^.*$ exclude_symlinks__sshd_drop_in_config state_file_permissions_sshd_drop_in_config_0_mode_0600or_stricter_ /etc/ssh ^.*\.pub$ exclude_symlinks__sshd_pub_key state_file_permissions_sshd_pub_key_0_mode_0644or_stricter_ /usr/bin/sudo exclude_symlinks__sudo state_file_permissions_sudo_0_mode_4110 /run/log/journal ^.*$ exclude_symlinks__system_journal state_file_permissions_system_journal_0_mode_0640or_stricter_ /var/log/journal ^.*$ exclude_symlinks__system_journal state_file_permissions_system_journal_1_mode_0640or_stricter_ /boot ^.*System\.map.*$ exclude_symlinks__systemmap state_file_permissions_systemmap_0_mode_0600or_stricter_ /boot/grub/user.cfg exclude_symlinks__user_cfg state_file_permissions_user_cfg_0_mode_0600or_stricter_ /var/log exclude_symlinks__var_log state_file_permissions_var_log_0_mode_0755or_stricter_ /var/log/apt ^.*$ exclude_symlinks__var_log_apt state_file_permissions_var_log_apt_0_mode_0644or_stricter_ /var/log/auth.log exclude_symlinks__var_log_auth state_file_permissions_var_log_auth_0_mode_0640or_stricter_ /var/log .*cloud-init.log([^\/]+)?$ exclude_symlinks__var_log_cloud-init state_file_permissions_var_log_cloud-init_0_mode_0644or_stricter_ /var/log/gdm .* exclude_symlinks__var_log_gdm state_file_permissions_var_log_gdm_0_mode_0660or_stricter_ /var/log/gdm3 .* exclude_symlinks__var_log_gdm3 state_file_permissions_var_log_gdm3_0_mode_0660or_stricter_ /var/log .*lastlog(\.[^\/]+)?$ exclude_symlinks__var_log_lastlog state_file_permissions_var_log_lastlog_0_mode_0664or_stricter_ /var/log .*localmessages([^\/]+)?$ exclude_symlinks__var_log_localmessages state_file_permissions_var_log_localmessages_0_mode_0644or_stricter_ /var/log/messages exclude_symlinks__var_log_messages state_file_permissions_var_log_messages_0_mode_0600or_stricter_ /var/log/secure exclude_symlinks__var_log_secure state_file_permissions_var_log_secure_0_mode_0640or_stricter_ /var/log/sssd .* exclude_symlinks__var_log_sssd state_file_permissions_var_log_sssd_0_mode_0660or_stricter_ /var/log .* exclude_symlinks__var_log_stig state_file_permissions_var_log_stig_0_mode_0640or_stricter_ /var/log/syslog exclude_symlinks__var_log_syslog state_file_permissions_var_log_syslog_0_mode_0640or_stricter_ /var/log .*waagent.log([^\/]+)?$ exclude_symlinks__var_log_waagent state_file_permissions_var_log_waagent_0_mode_0644or_stricter_ /var/log .*(b|w)tmp((\.|-)[^\/]+)?$ exclude_symlinks__var_log_wbtmp state_file_permissions_var_log_wbtmp_0_mode_0664or_stricter_ /etc/ssh/sshd_config.d/50-redhat.conf /etc/firewalld/firewalld.conf ^[ \t]*FirewallBackend=(.+?)[ \t]*(?:$|#) 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(?!.*\bmitigations=off\b.*).*"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(?!.*\bmitigations=off\b).*"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(?!.*\bnosmap\b.*).*"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(?!.*\bnosmap\b).*"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(?!.*\bnosmep\b.*).*"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(?!.*\bnosmep\b).*"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(?!.*\bsystemd.debug-shell\b.*).*"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(?!.*\bsystemd.debug-shell\b).*"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /etc/default/grub.d/[^/]+\.cfg ^\s*GRUB_CMDLINE_LINUX="(.*)"$ 1 /etc/default/grub.d/*.cfg ^\s*GRUB_CMDLINE_LINUX_DEFAULT="(.*)"$ 1 /boot/grub/grub.cfg ^.*/vmlinuz.*(root=.*)$ 1 libpam-pkcs11 /etc/systemd/journald.conf ^[ \t]*Compress=(.+?)[ \t]*(?:$|#) 1 /etc/systemd/journald.conf ^[ \t]*ForwardToSyslog=(.+?)[ \t]*(?:$|#) 1 /etc/systemd/journald.conf ^[ \t]*ForwardToSyslog=(.+?)[ \t]*(?:$|#) 1 /etc/systemd/journald.conf ^[ \t]*Storage=(.+?)[ \t]*(?:$|#) 1 ^/boot/config-.*$ ^CONFIG_ACPI_CUSTOM_METHOD="?(.*?)"?$ 1 local_var_config_acpi_custom_method_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_ARM64_SW_TTBR0_PAN="?(.*?)"?$ 1 local_var_config_arm64_sw_ttbr0_pan_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_BINFMT_MISC="?(.*?)"?$ 1 local_var_config_binfmt_misc_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_BUG="?(.*?)"?$ 1 local_var_config_bug_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_BUG_ON_DATA_CORRUPTION="?(.*?)"?$ 1 local_var_config_bug_on_data_corruption_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_COMPAT_BRK="?(.*?)"?$ 1 local_var_config_compat_brk_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_COMPAT_VDSO="?(.*?)"?$ 1 local_var_config_compat_vdso_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_DEBUG_CREDENTIALS="?(.*?)"?$ 1 local_var_config_debug_credentials_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_DEBUG_FS="?(.*?)"?$ 1 local_var_config_debug_fs_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_DEBUG_LIST="?(.*?)"?$ 1 local_var_config_debug_list_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_DEBUG_NOTIFIERS="?(.*?)"?$ 1 local_var_config_debug_notifiers_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_DEBUG_SG="?(.*?)"?$ 1 local_var_config_debug_sg_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_DEBUG_WX="?(.*?)"?$ 1 local_var_config_debug_wx_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_DEVKMEM="?(.*?)"?$ 1 local_var_config_devkmem_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_FORTIFY_SOURCE="?(.*?)"?$ 1 local_var_config_fortify_source_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_GCC_PLUGIN_LATENT_ENTROPY="?(.*?)"?$ 1 local_var_config_gcc_plugin_latent_entropy_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_GCC_PLUGIN_RANDSTRUCT="?(.*?)"?$ 1 local_var_config_gcc_plugin_randstruct_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_GCC_PLUGIN_STACKLEAK="?(.*?)"?$ 1 local_var_config_gcc_plugin_stackleak_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_GCC_PLUGIN_STRUCTLEAK="?(.*?)"?$ 1 local_var_config_gcc_plugin_structleak_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL="?(.*?)"?$ 1 local_var_config_gcc_plugin_structleak_byref_all_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_HARDENED_USERCOPY="?(.*?)"?$ 1 local_var_config_hardened_usercopy_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_HARDENED_USERCOPY_FALLBACK="?(.*?)"?$ 1 local_var_config_hardened_usercopy_fallback_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_HIBERNATION="?(.*?)"?$ 1 local_var_config_hibernation_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_IA32_EMULATION="?(.*?)"?$ 1 local_var_config_ia32_emulation_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_IPV6="?(.*?)"?$ 1 local_var_config_ipv6_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_KEXEC="?(.*?)"?$ 1 local_var_config_kexec_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_LEGACY_PTYS="?(.*?)"?$ 1 local_var_config_legacy_ptys_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_LEGACY_VSYSCALL_EMULATE="?(.*?)"?$ 1 local_var_config_legacy_vsyscall_emulate_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_LEGACY_VSYSCALL_NONE="?(.*?)"?$ 1 local_var_config_legacy_vsyscall_none_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_LEGACY_VSYSCALL_XONLY="?(.*?)"?$ 1 local_var_config_legacy_vsyscall_xonly_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_MODIFY_LDT_SYSCALL="?(.*?)"?$ 1 local_var_config_modify_ldt_syscall_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_MODULE_SIG="?(.*?)"?$ 1 local_var_config_module_sig_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_MODULE_SIG_ALL="?(.*?)"?$ 1 local_var_config_module_sig_all_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_MODULE_SIG_FORCE="?(.*?)"?$ 1 local_var_config_module_sig_force_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_MODULE_SIG_HASH="?(.*?)"?$ 1 local_var_config_module_sig_hash_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_MODULE_SIG_KEY="?(.*?)"?$ 1 local_var_config_module_sig_key_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_MODULE_SIG_SHA512="?(.*?)"?$ 1 local_var_config_module_sig_sha512_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_PAGE_POISONING="?(.*?)"?$ 1 local_var_config_page_poisoning_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_PAGE_POISONING_NO_SANITY="?(.*?)"?$ 1 local_var_config_page_poisoning_no_sanity_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_PAGE_POISONING_ZERO="?(.*?)"?$ 1 local_var_config_page_poisoning_zero_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_PAGE_TABLE_ISOLATION="?(.*?)"?$ 1 local_var_config_page_table_isolation_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_PANIC_ON_OOPS="?(.*?)"?$ 1 local_var_config_panic_on_oops_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_PANIC_TIMEOUT="?(.*?)"?$ 1 local_var_config_panic_timeout_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_PROC_KCORE="?(.*?)"?$ 1 local_var_config_proc_kcore_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_RANDOMIZE_BASE="?(.*?)"?$ 1 local_var_config_randomize_base_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_RANDOMIZE_MEMORY="?(.*?)"?$ 1 local_var_config_randomize_memory_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_REFCOUNT_FULL="?(.*?)"?$ 1 local_var_config_refcount_full_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_RETPOLINE="?(.*?)"?$ 1 local_var_config_retpoline_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SCHED_STACK_END_CHECK="?(.*?)"?$ 1 local_var_config_sched_stack_end_check_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SECCOMP="?(.*?)"?$ 1 local_var_config_seccomp_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SECCOMP_FILTER="?(.*?)"?$ 1 local_var_config_seccomp_filter_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SECURITY="?(.*?)"?$ 1 local_var_config_security_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SECURITY_DMESG_RESTRICT="?(.*?)"?$ 1 local_var_config_security_dmesg_restrict_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SECURITY_WRITABLE_HOOKS="?(.*?)"?$ 1 local_var_config_security_writable_hooks_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SECURITY_YAMA="?(.*?)"?$ 1 local_var_config_security_yama_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SLAB_FREELIST_HARDENED="?(.*?)"?$ 1 local_var_config_slab_freelist_hardened_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SLAB_FREELIST_RANDOM="?(.*?)"?$ 1 local_var_config_slab_freelist_random_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SLAB_MERGE_DEFAULT="?(.*?)"?$ 1 local_var_config_slab_merge_default_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SLUB_DEBUG="?(.*?)"?$ 1 local_var_config_slub_debug_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_STACKPROTECTOR="?(.*?)"?$ 1 local_var_config_stackprotector_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_STACKPROTECTOR_STRONG="?(.*?)"?$ 1 local_var_config_stackprotector_strong_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_STRICT_KERNEL_RWX="?(.*?)"?$ 1 local_var_config_strict_kernel_rwx_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_STRICT_MODULE_RWX="?(.*?)"?$ 1 local_var_config_strict_module_rwx_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_SYN_COOKIES="?(.*?)"?$ 1 local_var_config_syn_cookies_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_UNMAP_KERNEL_AT_EL0="?(.*?)"?$ 1 local_var_config_unmap_kernel_at_el0_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_VMAP_STACK="?(.*?)"?$ 1 local_var_config_vmap_stack_count_kernels_installed /boot ^config-.*$ ^/boot/config-.*$ ^CONFIG_X86_VSYSCALL_EMULATION="?(.*?)"?$ 1 local_var_config_x86_vsyscall_emulation_count_kernels_installed /boot ^config-.*$ ^.*\.conf$ ^\s*install\s+atm\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+atm$ 1 ^.*\.conf$ ^\s*install\s+bluetooth\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+bluetooth$ 1 ^.*\.conf$ ^\s*install\s+can\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+can$ 1 ^.*\.conf$ ^\s*install\s+cfg80211\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+cfg80211$ 1 ^.*\.conf$ ^\s*install\s+cramfs\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+cramfs$ 1 ^.*\.conf$ ^\s*install\s+dccp\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+dccp$ 1 ^.*\.conf$ ^\s*install\s+firewire-core\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+firewire-core$ 1 ^.*\.conf$ ^\s*install\s+freevxfs\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+freevxfs$ 1 ^.*\.conf$ ^\s*install\s+hfs\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+hfs$ 1 ^.*\.conf$ ^\s*install\s+hfsplus\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+hfsplus$ 1 ^.*\.conf$ ^\s*install\s+iwlmvm\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+iwlmvm$ 1 ^.*\.conf$ ^\s*install\s+iwlwifi\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+iwlwifi$ 1 ^.*\.conf$ ^\s*install\s+jffs2\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+jffs2$ 1 ^.*\.conf$ ^\s*install\s+mac80211\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+mac80211$ 1 ^.*\.conf$ ^\s*install\s+overlayfs\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+overlayfs$ 1 ^.*\.conf$ ^\s*install\s+rds\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+rds$ 1 ^.*\.conf$ ^\s*install\s+sctp\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+sctp$ 1 ^.*\.conf$ ^\s*install\s+squashfs\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+squashfs$ 1 ^.*\.conf$ ^\s*install\s+tipc\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+tipc$ 1 ^.*\.conf$ ^\s*install\s+udf\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+udf$ 1 ^.*\.conf$ ^\s*install\s+usb-storage\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+usb-storage$ 1 ^.*\.conf$ ^\s*install\s+uvcvideo\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+uvcvideo$ 1 ^.*\.conf$ ^\s*install\s+vfat\s+(/bin/false|/bin/true)$ 1 ^.*\.conf$ ^blacklist\s+vfat$ 1 /boot/efi /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/boot/efi[\s]+[\S]+[\s]+([\S]+) 1 /boot /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/boot[\s]+[\S]+[\s]+([\S]+) 1 /boot /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/boot[\s]+[\S]+[\s]+([\S]+) 1 /boot /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/boot[\s]+[\S]+[\s]+([\S]+) 1 /boot /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/boot[\s]+[\S]+[\s]+([\S]+) 1 /dev/shm /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/dev/shm[\s]+[\S]+[\s]+([\S]+) 1 /dev/shm /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/dev/shm[\s]+[\S]+[\s]+([\S]+) 1 /dev/shm /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/dev/shm[\s]+[\S]+[\s]+([\S]+) 1 /home /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/home[\s]+[\S]+[\s]+([\S]+) 1 /home /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/home[\s]+[\S]+[\s]+([\S]+) 1 /home /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/home[\s]+[\S]+[\s]+([\S]+) 1 /home /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/home[\s]+[\S]+[\s]+([\S]+) 1 /home /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/home[\s]+[\S]+[\s]+([\S]+) 1 /etc/fstab ^\s*\[?[\.\w:-]+\]?[:=][/\w-]+\s+[/\w\\-]+\s+nfs[4]?\s+(.*)$ 0 /etc/fstab ^\s*\[?[\.\w:-]+\]?[:=][/\w-]+\s+[/\w\\-]+\s+nfs[4]?\s+(.*)$ 0 /etc/fstab 1 /etc/fstab 1 /etc/fstab ^\s*\[?[\.\w:-]+\]?[:=][/\w-]+\s+[/\w\\-]+\s+nfs[4]?\s+(.*)$ 0 /etc/fstab 1 /etc/fstab 1 /etc/fstab ^\s*\[?[\.\w:-]+\]?[:=][/\w-]+\s+[/\w\\-]+\s+nfs[4]?\s+(.*)$ 0 /etc/fstab 1 /etc/fstab 1 /opt /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/opt[\s]+[\S]+[\s]+([\S]+) 1 /proc /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/proc[\s]+[\S]+[\s]+([\S]+) 1 /srv /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/srv[\s]+[\S]+[\s]+([\S]+) 1 /tmp /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/tmp[\s]+[\S]+[\s]+([\S]+) 1 /tmp /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/tmp[\s]+[\S]+[\s]+([\S]+) 1 /tmp /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/tmp[\s]+[\S]+[\s]+([\S]+) 1 /var/log/audit /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var/log/audit[\s]+[\S]+[\s]+([\S]+) 1 /var/log/audit /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var/log/audit[\s]+[\S]+[\s]+([\S]+) 1 /var/log/audit /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var/log/audit[\s]+[\S]+[\s]+([\S]+) 1 /var/log /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var/log[\s]+[\S]+[\s]+([\S]+) 1 /var/log /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var/log[\s]+[\S]+[\s]+([\S]+) 1 /var/log /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var/log[\s]+[\S]+[\s]+([\S]+) 1 /var /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var[\s]+[\S]+[\s]+([\S]+) 1 /var /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var[\s]+[\S]+[\s]+([\S]+) 1 /var /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var[\s]+[\S]+[\s]+([\S]+) 1 /var/tmp /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var/tmp[\s]+[\S]+[\s]+([\S]+) 1 /var/tmp /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var/tmp[\s]+[\S]+[\s]+([\S]+) 1 /var/tmp /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/var/tmp[\s]+[\S]+[\s]+([\S]+) 1 /etc/NetworkManager/NetworkManager.conf ^\s*\[main\].*(?:\n\s*[^[\s].*)*\n^[ \t]*dns\h*=\h*(.+?)[ \t]*(?:$|#) 1 /etc/NetworkManager/conf.d .*\.conf$ ^\s*\[main\].*(?:\n\s*[^[\s].*)*\n^[ \t]*dns\h*=\h*(.+?)[ \t]*(?:$|#) 1 ^/etc/NetworkManager/NetworkManager.conf 389-ds-base GConf2 MFEhiplsm SuSEfirewall2 abrt-addon-ccpp abrt-addon-kerneloops abrt-addon-python abrt-cli abrt-libs abrt-plugin-logger abrt-plugin-rhtsupport abrt-plugin-sosreport abrt-server-info-page abrt aide apparmor-utils apparmor audispd-plugins audit-libs auditd autofs avahi-autoipd avahi-daemon avahi-daemon bind9 binutils var_timesync_service chrony cron crypto-policies cryptsetup cups cyrus-imapd dconf-service dhcp-client isc-dhcp-server dnf-automatic dnf-plugin-subscription-manager dnsmasq docker dovecot-core esc fapolicyd firewalld firewalld freeradius ftp gdm3 gdm3 geolite2-city geolite2-country glibc gnome-software gnutls-utils gssproxy apache2 inetutils-telnet inetutils-telnetd iprutils iptables-nft var_network_filtering_service iptables-persistent iptables-persistent iptables-services iptables-services var_network_filtering_service iptables kea krb5-server krb5-workstation libcap-ng-utils libdnf-plugin-subscription-manager libreport-plugin-logger libreport-plugin-rhtsupport libreswan libselinux logrotate mailx mfetp mcstrans snmp nfs-kernel-server nfs-utils var_network_filtering_service nftables nftables nginx nis nss-tools libnss-sss ntp ntp ntpdate ldap-utils slapd opensc-pkcs11 openscap-scanner openssh-clients openssh-server openssh-server openssh openssh pam_apparmor pam_ldap libpam-modules libpam-pwquality libpam-runtime libpam-sss pcsc-lite-ccid pcsc-lite pigz policycoreutils-python-utils policycoreutils postfix prelink psacct python3-abrt-addon quagga rear rng-tools rpcbind rsh-server rsh-client rsync rsyslog-gnutls rsyslog s-nail samba-common samba-common samba scap-security-guide screen sendmail setroubleshoot-plugins setroubleshoot-server setroubleshoot squid sssd-ipa sssd strongswan subscription-manager sudo syslog-ng systemd-journal-remote talk-server talk tar tcp_wrappers tcpd telnet-server telnet telnetd-ssl telnetd tftpd-hpa tftp var_timesync_service systemd-timesyncd var_timesync_service systemd-timesyncd tmux tnftp tuned var_network_filtering_service ufw var_network_filtering_service ufw unbound usbguard uuidd vim-enhanced vsftpd vsftpd xinetd xserver-common ypbind ypserv /boot /dev/shm /home /opt /srv /tmp /usr /var /var/log /var/log/audit /var/tmp /var/log .* exclude_files_permissions_local_var_log_0 exclude_files_permissions_local_var_log_1 exclude_files_permissions_local_var_log_2 exclude_files_permissions_local_var_log_3 exclude_files_permissions_local_var_log_4 exclude_files_permissions_local_var_log_5 exclude_files_permissions_local_var_log_6 exclude_symlinks_permissions_local_var_log state_file_permissionspermissions_local_var_log_0_mode_0640or_stricter_ /etc/rsyslog.conf ^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$ 1 var_rsyslog_files_groupownership_include_config_regex var_rsyslog_files_groupownership_syslog_config object_var_rsyslog_files_groupownership_include_config_regex object_var_rsyslog_files_groupownership_syslog_config ^\s*[^(\s|#|\$)]+\s+.*(?:\bFile="|\s|\/|-)(\/[^:;\s"]+).*$ 1 state_rsyslog_files_groupownership_ignore_include_paths /etc/group ^adm:\w+:(\w+):.* 1 /etc/rsyslog.conf ^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$ 1 var_rsyslog_files_ownership_include_config_regex var_rsyslog_files_ownership_syslog_config object_var_rsyslog_files_ownership_include_config_regex object_var_rsyslog_files_ownership_syslog_config ^\s*[^(\s|#|\$)]+\s+.*(?:\bFile="|\s|\/|-)(\/[^:;\s"]+).*$ 1 state_rsyslog_files_ownership_ignore_include_paths /etc/passwd ^syslog:\w+:(\w+):.* 1 /etc/rsyslog.conf ^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$ 1 var_rsyslog_files_permissions_include_config_regex var_rsyslog_files_permissions_syslog_config object_var_rsyslog_files_permissions_include_config_regex object_var_rsyslog_files_permissions_syslog_config ^\s*[^(\s|#|\$)]+\s+.*(?:\bFile="|\s|\/|-)(\/[^:;\s"]+).*$ 1 state_rsyslog_files_permissions_ignore_include_paths abrt_anon_write abrt_handle_event abrt_upload_watch_anon_write antivirus_can_scan_system antivirus_use_jit auditadm_exec_content authlogin_nsswitch_use_ldap authlogin_radius authlogin_yubikey awstats_purge_apache_log_files boinc_execmem cdrecord_read_content cluster_can_network_connect cluster_manage_all_files cluster_use_execmem cobbler_anon_write cobbler_can_network_connect cobbler_use_cifs cobbler_use_nfs collectd_tcp_network_connect condor_tcp_network_connect conman_can_network container_connect_any cron_can_relabel cron_system_cronjob_use_shares cron_userdomain_transition cups_execmem cvs_read_shadow daemons_dump_core daemons_enable_cluster_mode daemons_use_tcp_wrapper daemons_use_tty dbadm_exec_content dbadm_manage_user_files dbadm_read_user_files deny_execmem deny_ptrace dhcpc_exec_iptables dhcpd_use_ldap domain_fd_use domain_kernel_load_modules entropyd_use_audio exim_can_connect_db exim_manage_user_files exim_read_user_files fcron_crond fenced_can_network_connect fenced_can_ssh fips_mode ftpd_anon_write ftpd_connect_all_unreserved ftpd_connect_db ftpd_full_access ftpd_use_cifs ftpd_use_fusefs ftpd_use_nfs ftpd_use_passive_mode git_cgi_enable_homedirs git_cgi_use_cifs git_cgi_use_nfs git_session_bind_all_unreserved_ports git_session_users git_system_enable_homedirs git_system_use_cifs git_system_use_nfs gitosis_can_sendmail glance_api_can_network glance_use_execmem glance_use_fusefs global_ssp gluster_anon_write gluster_export_all_ro gluster_export_all_rw gpg_web_anon_write gssd_read_tmp guest_exec_content haproxy_connect_any httpd_anon_write httpd_builtin_scripting httpd_can_check_spam httpd_can_connect_ftp httpd_can_connect_ldap httpd_can_connect_mythtv httpd_can_connect_zabbix httpd_can_network_connect httpd_can_network_connect_cobbler httpd_can_network_connect_db httpd_can_network_memcache httpd_can_network_relay httpd_can_sendmail httpd_dbus_avahi httpd_dbus_sssd httpd_dontaudit_search_dirs httpd_enable_cgi httpd_enable_ftp_server httpd_enable_homedirs httpd_execmem httpd_graceful_shutdown httpd_manage_ipa httpd_mod_auth_ntlm_winbind httpd_mod_auth_pam httpd_read_user_content httpd_run_ipa httpd_run_preupgrade httpd_run_stickshift httpd_serve_cobbler_files httpd_setrlimit httpd_ssi_exec httpd_sys_script_anon_write httpd_tmp_exec httpd_tty_comm httpd_unified httpd_use_cifs httpd_use_fusefs httpd_use_gpg httpd_use_nfs httpd_use_openstack httpd_use_sasl httpd_verify_dns icecast_use_any_tcp_ports irc_use_any_tcp_ports irssi_use_full_network kdumpgui_run_bootloader kerberos_enabled ksmtuned_use_cifs ksmtuned_use_nfs logadm_exec_content logging_syslogd_can_sendmail logging_syslogd_run_nagios_plugins logging_syslogd_use_tty login_console_enabled logrotate_use_nfs logwatch_can_network_connect_mail lsmd_plugin_connect_any mailman_use_fusefs mcelog_client mcelog_exec_scripts mcelog_foreground mcelog_server minidlna_read_generic_user_content mmap_low_allowed mock_enable_homedirs mount_anyfile mozilla_plugin_bind_unreserved_ports mozilla_plugin_can_network_connect mozilla_plugin_use_bluejeans mozilla_plugin_use_gps mozilla_plugin_use_spice mozilla_read_content mpd_enable_homedirs mpd_use_cifs mpd_use_nfs mplayer_execstack mysql_connect_any nagios_run_pnp4nagios nagios_run_sudo named_tcp_bind_http_port named_write_master_zones neutron_can_network nfs_export_all_ro nfs_export_all_rw nfsd_anon_write nis_enabled nscd_use_shm openshift_use_nfs openvpn_can_network_connect openvpn_enable_homedirs openvpn_run_unconfined pcp_bind_all_unreserved_ports pcp_read_generic_logs piranha_lvs_can_network_connect polipo_connect_all_unreserved polipo_session_bind_all_unreserved_ports polipo_session_users polipo_use_cifs polipo_use_nfs polyinstantiation_enabled postfix_local_write_mail_spool postgresql_can_rsync postgresql_selinux_transmit_client_label postgresql_selinux_unconfined_dbadm postgresql_selinux_users_ddl pppd_can_insmod pppd_for_user privoxy_connect_any prosody_bind_http_port puppetagent_manage_all_files puppetmaster_use_db racoon_read_shadow rsync_anon_write rsync_client rsync_export_all_ro rsync_full_access samba_create_home_dirs samba_domain_controller samba_enable_home_dirs samba_export_all_ro samba_export_all_rw samba_load_libgfapi samba_portmapper samba_run_unconfined samba_share_fusefs samba_share_nfs sanlock_use_fusefs sanlock_use_nfs sanlock_use_samba saslauthd_read_shadow secadm_exec_content secure_mode secure_mode_insmod secure_mode_policyload selinuxuser_direct_dri_enabled selinuxuser_execheap selinuxuser_execmod selinuxuser_execstack selinuxuser_mysql_connect_enabled selinuxuser_ping selinuxuser_postgresql_connect_enabled selinuxuser_rw_noexattrfile selinuxuser_share_music selinuxuser_tcp_server selinuxuser_udp_server selinuxuser_use_ssh_chroot sge_domain_can_network_connect sge_use_nfs smartmon_3ware smbd_anon_write spamassassin_can_network spamd_enable_home_dirs squid_connect_any squid_use_tproxy ssh_chroot_rw_homedirs ssh_keysign ssh_sysadm_login staff_exec_content staff_use_svirt swift_can_network sysadm_exec_content telepathy_connect_all_ports telepathy_tcp_connect_generic_network_ports tftp_anon_write tftp_home_dir tmpreaper_use_nfs tmpreaper_use_samba tor_bind_all_unreserved_ports tor_can_network_relay unconfined_chrome_sandbox_transition unconfined_login unconfined_mozilla_plugin_transition unprivuser_use_svirt use_ecryptfs_home_dirs use_fusefs_home_dirs use_lpd_server use_nfs_home_dirs use_samba_home_dirs user_exec_content varnishd_connect_any virt_read_qemu_ga_data virt_rw_qemu_ga_data virt_sandbox_use_all_caps virt_sandbox_use_audit virt_sandbox_use_mknod virt_sandbox_use_netlink virt_sandbox_use_sys_admin virt_transition_userdomain virt_use_comm virt_use_execmem virt_use_fusefs virt_use_nfs virt_use_rawip virt_use_samba virt_use_sanlock virt_use_usb virt_use_xserver webadm_manage_user_files webadm_read_user_files wine_mmap_zero_ignore xdm_bind_vnc_tcp_port xdm_exec_bootloader xdm_sysadm_login xdm_write_home xen_use_nfs xend_run_blktap xend_run_qemu xguest_connect_network xguest_exec_content xguest_mount_media xguest_use_bluetooth xserver_clients_write_xshm xserver_execmem xserver_object_manager zabbix_can_network zarafa_setrlimit zebra_write_config zoneminder_anon_write zoneminder_run_sudo /etc/selinux/config ^SELINUXTYPE=(.+?)[ \t]*(?:$|#) 1 ^/etc/selinux/config multi-user.target multi-user.target ^SuSEfirewall2\.(socket|service)$ ActiveState SuSEfirewall2 ^abrtd\.(service|socket)$ ActiveState ^abrtd\.(service|socket)$ LoadState abrt ^acpid\.(service|socket)$ ActiveState ^acpid\.(service|socket)$ LoadState acpid ^apport\.(service|socket)$ ActiveState ^apport\.(service|socket)$ LoadState apport ^atd\.(service|socket)$ ActiveState ^atd\.(service|socket)$ LoadState at multi-user.target multi-user.target ^auditd\.(socket|service)$ ActiveState auditd ^autofs\.(service|socket)$ ActiveState ^autofs\.(service|socket)$ LoadState autofs ^avahi-daemon\.(service|socket)$ ActiveState ^avahi-daemon\.(service|socket)$ LoadState avahi-daemon ^bluetooth\.(service|socket)$ ActiveState ^bluetooth\.(service|socket)$ LoadState bluez ^certmonger\.(service|socket)$ ActiveState ^certmonger\.(service|socket)$ LoadState certmonger var_timesync_service ^chrony\.(service|socket)$ ActiveState ^chrony\.(service|socket)$ LoadState chrony multi-user.target multi-user.target ^chrony\.(socket|service)$ ActiveState var_timesync_service chrony ^cockpit\.(service|socket)$ ActiveState ^cockpit\.(service|socket)$ LoadState cockpit ^cpupower\.(service|socket)$ ActiveState ^cpupower\.(service|socket)$ LoadState kernel-tools multi-user.target multi-user.target ^cron\.(socket|service)$ ActiveState cron multi-user.target multi-user.target ^crond\.(socket|service)$ ActiveState cronie ^cups\.(service|socket)$ ActiveState ^cups\.(service|socket)$ LoadState cups ^debug-shell\.(service|socket)$ ActiveState ^debug-shell\.(service|socket)$ LoadState systemd ^dhcpd6\.(service|socket)$ ActiveState ^dhcpd6\.(service|socket)$ LoadState dhcp ^dhcpd\.(service|socket)$ ActiveState ^dhcpd\.(service|socket)$ LoadState dhcp ^dnsmasq\.(service|socket)$ ActiveState ^dnsmasq\.(service|socket)$ LoadState dnsmasq multi-user.target multi-user.target ^docker\.(socket|service)$ ActiveState docker ^dovecot\.(service|socket)$ ActiveState ^dovecot\.(service|socket)$ LoadState dovecot multi-user.target multi-user.target ^fapolicyd\.(socket|service)$ ActiveState fapolicyd ^firewalld\.(service|socket)$ ActiveState ^firewalld\.(service|socket)$ LoadState firewalld multi-user.target multi-user.target ^firewalld\.(socket|service)$ ActiveState firewalld ^apache2\.(service|socket)$ ActiveState ^apache2\.(service|socket)$ LoadState apache2 multi-user.target multi-user.target ^ip6tables\.(socket|service)$ ActiveState iptables-ipv6 multi-user.target multi-user.target ^iptables\.(socket|service)$ ActiveState iptables ^kdump-tools\.(service|socket)$ ActiveState ^kdump-tools\.(service|socket)$ LoadState kexec-tools ^mdmonitor\.(service|socket)$ ActiveState ^mdmonitor\.(service|socket)$ LoadState mdadm multi-user.target multi-user.target ^nails\.(socket|service)$ ActiveState nails ^named\.(service|socket)$ ActiveState ^named\.(service|socket)$ LoadState bind ^netconsole\.(service|socket)$ ActiveState ^netconsole\.(service|socket)$ LoadState netconsole ^netfs\.(service|socket)$ ActiveState ^netfs\.(service|socket)$ LoadState netfs ^nfs-server\.(service|socket)$ ActiveState ^nfs-server\.(service|socket)$ LoadState nfs-utils ^nfslock\.(service|socket)$ ActiveState ^nfslock\.(service|socket)$ LoadState nfs-utils ^nftables\.(service|socket)$ ActiveState ^nftables\.(service|socket)$ LoadState nftables multi-user.target multi-user.target ^nftables\.(socket|service)$ ActiveState nftables ^nginx\.(service|socket)$ ActiveState ^nginx\.(service|socket)$ LoadState nginx multi-user.target multi-user.target ^ntp\.(socket|service)$ ActiveState ntp multi-user.target multi-user.target ^ntpd\.(socket|service)$ ActiveState ntp ^ntpdate\.(service|socket)$ ActiveState ^ntpdate\.(service|socket)$ LoadState ntpdate ^oddjobd\.(service|socket)$ ActiveState ^oddjobd\.(service|socket)$ LoadState oddjob multi-user.target multi-user.target ^pcscd\.(socket|service)$ ActiveState pcsc-lite ^portreserve\.(service|socket)$ ActiveState ^portreserve\.(service|socket)$ LoadState portreserve multi-user.target multi-user.target ^postfix\.(socket|service)$ ActiveState postfix multi-user.target multi-user.target ^psacct\.(socket|service)$ ActiveState psacct ^qpidd\.(service|socket)$ ActiveState ^qpidd\.(service|socket)$ LoadState qpid-cpp-server ^quota_nld\.(service|socket)$ ActiveState ^quota_nld\.(service|socket)$ LoadState quota-nld ^rdisc\.(service|socket)$ ActiveState ^rdisc\.(service|socket)$ LoadState iputils ^rexec\.(service|socket)$ ActiveState ^rexec\.(service|socket)$ LoadState rsh-server ^rhnsd\.(service|socket)$ ActiveState ^rhnsd\.(service|socket)$ LoadState rhnsd ^rhsmcertd\.(service|socket)$ ActiveState ^rhsmcertd\.(service|socket)$ LoadState subscription-manager ^rlogin\.(service|socket)$ ActiveState ^rlogin\.(service|socket)$ LoadState rsh-server multi-user.target multi-user.target ^rngd\.(socket|service)$ ActiveState rng-tools ^rpcbind\.(service|socket)$ ActiveState ^rpcbind\.(service|socket)$ LoadState rpcbind ^rpcgssd\.(service|socket)$ ActiveState ^rpcgssd\.(service|socket)$ LoadState nfs-utils ^rpcidmapd\.(service|socket)$ ActiveState ^rpcidmapd\.(service|socket)$ LoadState nfs-utils ^rpcsvcgssd\.(service|socket)$ ActiveState ^rpcsvcgssd\.(service|socket)$ LoadState nfs-utils ^rsh\.(service|socket)$ ActiveState ^rsh\.(service|socket)$ LoadState rsh ^rsyncd\.(service|socket)$ ActiveState ^rsyncd\.(service|socket)$ LoadState rsync-daemon multi-user.target multi-user.target ^rsyslog\.(socket|service)$ ActiveState rsyslog ^saslauthd\.(service|socket)$ ActiveState ^saslauthd\.(service|socket)$ LoadState cyrus-sasl ^slapd\.(service|socket)$ ActiveState ^slapd\.(service|socket)$ LoadState openldap-servers ^smbd\.(service|socket)$ ActiveState ^smbd\.(service|socket)$ LoadState samba ^snmpd\.(service|socket)$ ActiveState ^snmpd\.(service|socket)$ LoadState net-snmp ^squid\.(service|socket)$ ActiveState ^squid\.(service|socket)$ LoadState squid ^sshd\.(service|socket)$ ActiveState ^sshd\.(service|socket)$ LoadState openssh-server multi-user.target multi-user.target ^ssh\.(socket|service)$ ActiveState openssh-server multi-user.target multi-user.target ^sssd\.(socket|service)$ ActiveState sssd-common ^syslog\.(service|socket)$ ActiveState ^syslog\.(service|socket)$ LoadState rsyslog multi-user.target multi-user.target ^syslog-ng\.(socket|service)$ ActiveState syslog-ng ^sysstat\.(service|socket)$ ActiveState ^sysstat\.(service|socket)$ LoadState sysstat ^systemd-coredump.socket$ LoadState multi-user.target multi-user.target ^systemd-journal-upload\.(socket|service)$ ActiveState systemd-journal-remote multi-user.target multi-user.target ^systemd-journald\.(socket|service)$ ActiveState systemd ^telnet\.(service|socket)$ ActiveState ^telnet\.(service|socket)$ LoadState telnet-server ^tftpd-hpa\.(service|socket)$ ActiveState ^tftpd-hpa\.(service|socket)$ LoadState tftpd-hpa var_timesync_service ^systemd-timesyncd\.(service|socket)$ ActiveState ^systemd-timesyncd\.(service|socket)$ LoadState systemd-timesyncd multi-user.target multi-user.target ^systemd-timesyncd\.(socket|service)$ ActiveState var_timesync_service systemd-timesyncd multi-user.target multi-user.target ^ufw\.(socket|service)$ ActiveState var_network_filtering_service ufw multi-user.target multi-user.target ^usbguard\.(socket|service)$ ActiveState usbguard ^vsftpd\.(service|socket)$ ActiveState ^vsftpd\.(service|socket)$ LoadState vsftpd ^xinetd\.(service|socket)$ ActiveState ^xinetd\.(service|socket)$ LoadState xinetd ^ypbind\.(service|socket)$ ActiveState ^ypbind\.(service|socket)$ LoadState ypbind ^ypserv\.(service|socket)$ ActiveState ^ypserv\.(service|socket)$ LoadState ypserv ^zebra\.(service|socket)$ ActiveState ^zebra\.(service|socket)$ LoadState quagga /etc/firewalld/firewalld.conf ^[\s]*DefaultZone=drop[\s]*$ 1 /etc/pam.d/common-auth ^\s*auth(?:(?!\n)\s)+required(?:(?!\n)\s)+pam_unix.so((?!\n)\s[^\n]+)?(?!\n)\s+sha512((\s+\S+)*\s*\\*\s*)$ 1 /etc/login.defs ^\s*YESCRYPT_COST_FACTOR\s*(.+?)[ \t]*(?:$|#) 1 ^/etc/login.defs ^systemd-journal-remote.socket$ LoadState /etc/ssh/sshd_config ^[ \t]*(?i)Protocol(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)Protocol(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_allow_only_protocol2 obj_sshd_allow_only_protocol2_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)Compression(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)Compression(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_compression obj_sshd_disable_compression_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)PermitEmptyPasswords(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)PermitEmptyPasswords(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_empty_passwords obj_sshd_disable_empty_passwords_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)DisableForwarding(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)DisableForwarding(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_forwarding obj_sshd_disable_forwarding_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)GSSAPIAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)GSSAPIAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_gssapi_auth obj_sshd_disable_gssapi_auth_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)KerberosAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)KerberosAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_kerb_auth obj_sshd_disable_kerb_auth_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)PubkeyAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)PubkeyAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_pubkey_auth obj_sshd_disable_pubkey_auth_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)IgnoreRhosts(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)IgnoreRhosts(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_rhosts obj_sshd_disable_rhosts_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)RhostsRSAAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)RhostsRSAAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_rhosts_rsa obj_sshd_disable_rhosts_rsa_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)PermitRootLogin(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)PermitRootLogin(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_root_login obj_sshd_disable_root_login_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)PermitRootLogin(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)PermitRootLogin(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_root_password_login obj_sshd_disable_root_password_login_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)AllowTcpForwarding(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)AllowTcpForwarding(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_tcp_forwarding obj_sshd_disable_tcp_forwarding_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)IgnoreUserKnownHosts(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)IgnoreUserKnownHosts(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_user_known_hosts obj_sshd_disable_user_known_hosts_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)X11Forwarding(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)X11Forwarding(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_disable_x11_forwarding obj_sshd_disable_x11_forwarding_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)PermitUserEnvironment(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)PermitUserEnvironment(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_do_not_permit_user_env obj_sshd_do_not_permit_user_env_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)GSSAPIAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)GSSAPIAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_enable_gssapi_auth obj_sshd_enable_gssapi_auth_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)UsePAM(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)UsePAM(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_enable_pam obj_sshd_enable_pam_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)PubkeyAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)PubkeyAuthentication(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_enable_pubkey_auth obj_sshd_enable_pubkey_auth_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)StrictModes(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)StrictModes(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_enable_strictmodes obj_sshd_enable_strictmodes_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)Banner(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)Banner(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_enable_warning_banner obj_sshd_enable_warning_banner_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)Banner(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)Banner(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_enable_warning_banner_net obj_sshd_enable_warning_banner_net_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)X11Forwarding(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)X11Forwarding(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_enable_x11_forwarding obj_sshd_enable_x11_forwarding_config_dir /etc/ssh/sshd_config ^[\s]*Include /etc/ssh/sshd_config\.d/\*\.conf[\s]*$ 1 /etc/ssh/sshd_config ^[ \t]*(?i)PrintLastLog(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)PrintLastLog(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_print_last_log obj_sshd_print_last_log_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)ClientAliveCountMax(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)ClientAliveCountMax(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_set_keepalive obj_sshd_set_keepalive_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)ClientAliveCountMax(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)ClientAliveCountMax(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_set_keepalive_0 obj_sshd_set_keepalive_0_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)LogLevel(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)LogLevel(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_set_loglevel_info obj_sshd_set_loglevel_info_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)LogLevel(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)LogLevel(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_set_loglevel_verbose obj_sshd_set_loglevel_verbose_config_dir /etc/ssh/sshd_config ^[ \t]*(?i)UsePrivilegeSeparation(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)UsePrivilegeSeparation(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_use_priv_separation obj_sshd_use_priv_separation_config_dir /etc/sysconfig/sshd ^[ \t]*SSH_USE_STRONG_RNG=(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config ^[ \t]*(?i)X11UseLocalhost(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 /etc/ssh/sshd_config.d .*\.conf$ ^[ \t]*(?i)X11UseLocalhost(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 obj_sshd_x11_use_localhost obj_sshd_x11_use_localhost_config_dir /etc/sssd/sssd.conf ^[\s]*\[certmap\/.+\/.+\][\s]*$ 1 ^/etc/sudoers(|\.d/.*)$ ^[\s]*Defaults\b[^!\n]*\benv_reset.*$ 1 ^/etc/sudoers(|\.d/.*)$ ^[\s]*Defaults\b[^!\n]*\bignore_dot.*$ 1 ^/etc/sudoers(|\.d/.*)$ ^[\s]*Defaults\b[^!\n]*\bnoexec.*$ 1 ^/etc/sudoers(|\.d/.*)$ ^[\s]*Defaults\b[^!\n]*\bpasswd_timeout=(\w+)\b.*$ 1 ^/etc/sudoers(|\.d/.*)$ ^[\s]*Defaults\b[^!\n]*\brequiretty.*$ 1 ^/etc/sudoers(|\.d/.*)$ ^[\s]*Defaults\b[^!\n]*\bumask=(\w+)\b.*$ 1 ^/etc/sudoers(|\.d/.*)$ ^[\s]*Defaults\b[^!\n]*\buse_pty.*$ 1 ^/etc/sudoers(|\.d/.*)$ ^[\s]*Defaults\b[^!\n]*\blogfile\s*=\s*(?:"?([^",\s]+)"?).*$ 1 /usr/bin/sudo exclude_symlinks_sudo_restrict_others_executable_permission state_file_permissionssudo_restrict_others_executable_permission_0_mode_4110or_stricter_ fs.protected_fifos object_static_etc_lib_sysctls_sysctl_fs_protected_fifos object_static_run_usr_local_sysctls_sysctl_fs_protected_fifos object_static_etc_sysctls_sysctl_fs_protected_fifos object_static_sysctl_sysctl_fs_protected_fifos object_static_etc_sysctld_sysctl_fs_protected_fifos object_static_usr_local_lib_sysctld_sysctl_fs_protected_fifos object_static_run_sysctld_sysctl_fs_protected_fifos /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*fs.protected_fifos[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_fifos[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_fifos[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_fifos[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_fifos[\s]*=[\s]*(.*\S)[\s]*$ 1 fs.protected_hardlinks object_static_etc_lib_sysctls_sysctl_fs_protected_hardlinks object_static_run_usr_local_sysctls_sysctl_fs_protected_hardlinks object_static_etc_sysctls_sysctl_fs_protected_hardlinks object_static_sysctl_sysctl_fs_protected_hardlinks object_static_etc_sysctld_sysctl_fs_protected_hardlinks object_static_usr_local_lib_sysctld_sysctl_fs_protected_hardlinks object_static_run_sysctld_sysctl_fs_protected_hardlinks /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*fs.protected_hardlinks[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_hardlinks[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_hardlinks[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_hardlinks[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_hardlinks[\s]*=[\s]*(.*\S)[\s]*$ 1 fs.protected_regular object_static_etc_lib_sysctls_sysctl_fs_protected_regular object_static_run_usr_local_sysctls_sysctl_fs_protected_regular object_static_etc_sysctls_sysctl_fs_protected_regular object_static_sysctl_sysctl_fs_protected_regular object_static_etc_sysctld_sysctl_fs_protected_regular object_static_usr_local_lib_sysctld_sysctl_fs_protected_regular object_static_run_sysctld_sysctl_fs_protected_regular /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*fs.protected_regular[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_regular[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_regular[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_regular[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_regular[\s]*=[\s]*(.*\S)[\s]*$ 1 fs.protected_symlinks object_static_etc_lib_sysctls_sysctl_fs_protected_symlinks object_static_run_usr_local_sysctls_sysctl_fs_protected_symlinks object_static_etc_sysctls_sysctl_fs_protected_symlinks object_static_sysctl_sysctl_fs_protected_symlinks object_static_etc_sysctld_sysctl_fs_protected_symlinks object_static_usr_local_lib_sysctld_sysctl_fs_protected_symlinks object_static_run_sysctld_sysctl_fs_protected_symlinks /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*fs.protected_symlinks[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_symlinks[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_symlinks[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_symlinks[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*fs.protected_symlinks[\s]*=[\s]*(.*\S)[\s]*$ 1 fs.suid_dumpable object_static_etc_lib_sysctls_sysctl_fs_suid_dumpable object_static_run_usr_local_sysctls_sysctl_fs_suid_dumpable object_static_etc_sysctls_sysctl_fs_suid_dumpable object_static_sysctl_sysctl_fs_suid_dumpable object_static_etc_sysctld_sysctl_fs_suid_dumpable object_static_usr_local_lib_sysctld_sysctl_fs_suid_dumpable object_static_run_sysctld_sysctl_fs_suid_dumpable /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*fs.suid_dumpable[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*fs.suid_dumpable[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*fs.suid_dumpable[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*fs.suid_dumpable[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*fs.suid_dumpable[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.core_pattern object_static_etc_lib_sysctls_sysctl_kernel_core_pattern object_static_run_usr_local_sysctls_sysctl_kernel_core_pattern object_static_etc_sysctls_sysctl_kernel_core_pattern object_static_sysctl_sysctl_kernel_core_pattern object_static_etc_sysctld_sysctl_kernel_core_pattern object_static_usr_local_lib_sysctld_sysctl_kernel_core_pattern object_static_run_sysctld_sysctl_kernel_core_pattern /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.core_pattern[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.core_pattern[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.core_pattern[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.core_pattern[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.core_pattern[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.core_uses_pid object_static_etc_lib_sysctls_sysctl_kernel_core_uses_pid object_static_run_usr_local_sysctls_sysctl_kernel_core_uses_pid object_static_etc_sysctls_sysctl_kernel_core_uses_pid object_static_sysctl_sysctl_kernel_core_uses_pid object_static_etc_sysctld_sysctl_kernel_core_uses_pid object_static_usr_local_lib_sysctld_sysctl_kernel_core_uses_pid object_static_run_sysctld_sysctl_kernel_core_uses_pid /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.core_uses_pid[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.core_uses_pid[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.core_uses_pid[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.core_uses_pid[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.core_uses_pid[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.dmesg_restrict object_static_etc_lib_sysctls_sysctl_kernel_dmesg_restrict object_static_run_usr_local_sysctls_sysctl_kernel_dmesg_restrict object_static_etc_sysctls_sysctl_kernel_dmesg_restrict object_static_sysctl_sysctl_kernel_dmesg_restrict object_static_etc_sysctld_sysctl_kernel_dmesg_restrict object_static_usr_local_lib_sysctld_sysctl_kernel_dmesg_restrict object_static_run_sysctld_sysctl_kernel_dmesg_restrict /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.dmesg_restrict[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.dmesg_restrict[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.dmesg_restrict[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.dmesg_restrict[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.dmesg_restrict[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.kexec_load_disabled object_static_etc_lib_sysctls_sysctl_kernel_kexec_load_disabled object_static_run_usr_local_sysctls_sysctl_kernel_kexec_load_disabled object_static_etc_sysctls_sysctl_kernel_kexec_load_disabled object_static_sysctl_sysctl_kernel_kexec_load_disabled object_static_etc_sysctld_sysctl_kernel_kexec_load_disabled object_static_usr_local_lib_sysctld_sysctl_kernel_kexec_load_disabled object_static_run_sysctld_sysctl_kernel_kexec_load_disabled /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.kexec_load_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.kexec_load_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.kexec_load_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.kexec_load_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.kexec_load_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.kptr_restrict object_static_etc_lib_sysctls_sysctl_kernel_kptr_restrict object_static_run_usr_local_sysctls_sysctl_kernel_kptr_restrict object_static_etc_sysctls_sysctl_kernel_kptr_restrict object_static_sysctl_sysctl_kernel_kptr_restrict object_static_etc_sysctld_sysctl_kernel_kptr_restrict object_static_usr_local_lib_sysctld_sysctl_kernel_kptr_restrict object_static_run_sysctld_sysctl_kernel_kptr_restrict /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.kptr_restrict[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.kptr_restrict[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.kptr_restrict[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.kptr_restrict[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.kptr_restrict[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.modules_disabled object_static_etc_lib_sysctls_sysctl_kernel_modules_disabled object_static_run_usr_local_sysctls_sysctl_kernel_modules_disabled object_static_etc_sysctls_sysctl_kernel_modules_disabled object_static_sysctl_sysctl_kernel_modules_disabled object_static_etc_sysctld_sysctl_kernel_modules_disabled object_static_usr_local_lib_sysctld_sysctl_kernel_modules_disabled object_static_run_sysctld_sysctl_kernel_modules_disabled /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.modules_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.modules_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.modules_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.modules_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.modules_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.panic_on_oops object_static_etc_lib_sysctls_sysctl_kernel_panic_on_oops object_static_run_usr_local_sysctls_sysctl_kernel_panic_on_oops object_static_etc_sysctls_sysctl_kernel_panic_on_oops object_static_sysctl_sysctl_kernel_panic_on_oops object_static_etc_sysctld_sysctl_kernel_panic_on_oops object_static_usr_local_lib_sysctld_sysctl_kernel_panic_on_oops object_static_run_sysctld_sysctl_kernel_panic_on_oops /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.panic_on_oops[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.panic_on_oops[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.panic_on_oops[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.panic_on_oops[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.panic_on_oops[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.perf_cpu_time_max_percent object_static_etc_lib_sysctls_sysctl_kernel_perf_cpu_time_max_percent object_static_run_usr_local_sysctls_sysctl_kernel_perf_cpu_time_max_percent object_static_etc_sysctls_sysctl_kernel_perf_cpu_time_max_percent object_static_sysctl_sysctl_kernel_perf_cpu_time_max_percent object_static_etc_sysctld_sysctl_kernel_perf_cpu_time_max_percent object_static_usr_local_lib_sysctld_sysctl_kernel_perf_cpu_time_max_percent object_static_run_sysctld_sysctl_kernel_perf_cpu_time_max_percent /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.perf_cpu_time_max_percent[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_cpu_time_max_percent[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_cpu_time_max_percent[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_cpu_time_max_percent[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_cpu_time_max_percent[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.perf_event_max_sample_rate object_static_etc_lib_sysctls_sysctl_kernel_perf_event_max_sample_rate object_static_run_usr_local_sysctls_sysctl_kernel_perf_event_max_sample_rate object_static_etc_sysctls_sysctl_kernel_perf_event_max_sample_rate object_static_sysctl_sysctl_kernel_perf_event_max_sample_rate object_static_etc_sysctld_sysctl_kernel_perf_event_max_sample_rate object_static_usr_local_lib_sysctld_sysctl_kernel_perf_event_max_sample_rate object_static_run_sysctld_sysctl_kernel_perf_event_max_sample_rate /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.perf_event_max_sample_rate[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_event_max_sample_rate[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_event_max_sample_rate[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_event_max_sample_rate[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_event_max_sample_rate[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.perf_event_paranoid object_static_etc_lib_sysctls_sysctl_kernel_perf_event_paranoid object_static_run_usr_local_sysctls_sysctl_kernel_perf_event_paranoid object_static_etc_sysctls_sysctl_kernel_perf_event_paranoid object_static_sysctl_sysctl_kernel_perf_event_paranoid object_static_etc_sysctld_sysctl_kernel_perf_event_paranoid object_static_usr_local_lib_sysctld_sysctl_kernel_perf_event_paranoid object_static_run_sysctld_sysctl_kernel_perf_event_paranoid /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.perf_event_paranoid[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_event_paranoid[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_event_paranoid[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_event_paranoid[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.perf_event_paranoid[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.pid_max object_static_etc_lib_sysctls_sysctl_kernel_pid_max object_static_run_usr_local_sysctls_sysctl_kernel_pid_max object_static_etc_sysctls_sysctl_kernel_pid_max object_static_sysctl_sysctl_kernel_pid_max object_static_etc_sysctld_sysctl_kernel_pid_max object_static_usr_local_lib_sysctld_sysctl_kernel_pid_max object_static_run_sysctld_sysctl_kernel_pid_max /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.pid_max[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.pid_max[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.pid_max[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.pid_max[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.pid_max[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.randomize_va_space object_static_etc_lib_sysctls_sysctl_kernel_randomize_va_space object_static_run_usr_local_sysctls_sysctl_kernel_randomize_va_space object_static_etc_sysctls_sysctl_kernel_randomize_va_space object_static_sysctl_sysctl_kernel_randomize_va_space object_static_etc_sysctld_sysctl_kernel_randomize_va_space object_static_usr_local_lib_sysctld_sysctl_kernel_randomize_va_space object_static_run_sysctld_sysctl_kernel_randomize_va_space /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.randomize_va_space[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.randomize_va_space[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.randomize_va_space[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.randomize_va_space[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.randomize_va_space[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.sysrq object_static_etc_lib_sysctls_sysctl_kernel_sysrq object_static_run_usr_local_sysctls_sysctl_kernel_sysrq object_static_etc_sysctls_sysctl_kernel_sysrq object_static_sysctl_sysctl_kernel_sysrq object_static_etc_sysctld_sysctl_kernel_sysrq object_static_usr_local_lib_sysctld_sysctl_kernel_sysrq object_static_run_sysctld_sysctl_kernel_sysrq /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.sysrq[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.sysrq[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.sysrq[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.sysrq[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.sysrq[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.unprivileged_bpf_disabled object_static_etc_lib_sysctls_sysctl_kernel_unprivileged_bpf_disabled object_static_run_usr_local_sysctls_sysctl_kernel_unprivileged_bpf_disabled object_static_etc_sysctls_sysctl_kernel_unprivileged_bpf_disabled object_static_sysctl_sysctl_kernel_unprivileged_bpf_disabled object_static_etc_sysctld_sysctl_kernel_unprivileged_bpf_disabled object_static_usr_local_lib_sysctld_sysctl_kernel_unprivileged_bpf_disabled object_static_run_sysctld_sysctl_kernel_unprivileged_bpf_disabled /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.unprivileged_bpf_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.unprivileged_bpf_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.unprivileged_bpf_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.unprivileged_bpf_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.unprivileged_bpf_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.unprivileged_bpf_disabled object_static_etc_lib_sysctls_sysctl_kernel_unprivileged_bpf_disabled_accept_default object_static_run_usr_local_sysctls_sysctl_kernel_unprivileged_bpf_disabled_accept_default object_static_etc_sysctls_sysctl_kernel_unprivileged_bpf_disabled_accept_default object_static_sysctl_sysctl_kernel_unprivileged_bpf_disabled_accept_default object_static_etc_sysctld_sysctl_kernel_unprivileged_bpf_disabled_accept_default object_static_usr_local_lib_sysctld_sysctl_kernel_unprivileged_bpf_disabled_accept_default object_static_run_sysctld_sysctl_kernel_unprivileged_bpf_disabled_accept_default /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.unprivileged_bpf_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.unprivileged_bpf_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.unprivileged_bpf_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.unprivileged_bpf_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.unprivileged_bpf_disabled[\s]*=[\s]*(.*\S)[\s]*$ 1 kernel.yama.ptrace_scope object_static_etc_lib_sysctls_sysctl_kernel_yama_ptrace_scope object_static_run_usr_local_sysctls_sysctl_kernel_yama_ptrace_scope object_static_etc_sysctls_sysctl_kernel_yama_ptrace_scope object_static_sysctl_sysctl_kernel_yama_ptrace_scope object_static_etc_sysctld_sysctl_kernel_yama_ptrace_scope object_static_usr_local_lib_sysctld_sysctl_kernel_yama_ptrace_scope object_static_run_sysctld_sysctl_kernel_yama_ptrace_scope /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*kernel.yama.ptrace_scope[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*kernel.yama.ptrace_scope[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*kernel.yama.ptrace_scope[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.yama.ptrace_scope[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*kernel.yama.ptrace_scope[\s]*=[\s]*(.*\S)[\s]*$ 1 net.core.bpf_jit_harden object_static_etc_lib_sysctls_sysctl_net_core_bpf_jit_harden object_static_run_usr_local_sysctls_sysctl_net_core_bpf_jit_harden object_static_etc_sysctls_sysctl_net_core_bpf_jit_harden object_static_sysctl_sysctl_net_core_bpf_jit_harden object_static_etc_sysctld_sysctl_net_core_bpf_jit_harden object_static_usr_local_lib_sysctld_sysctl_net_core_bpf_jit_harden object_static_run_sysctld_sysctl_net_core_bpf_jit_harden /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.core.bpf_jit_harden[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.core.bpf_jit_harden[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.core.bpf_jit_harden[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.core.bpf_jit_harden[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.core.bpf_jit_harden[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.accept_local object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_accept_local object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_accept_local object_static_etc_sysctls_sysctl_net_ipv4_conf_all_accept_local object_static_sysctl_sysctl_net_ipv4_conf_all_accept_local object_static_etc_sysctld_sysctl_net_ipv4_conf_all_accept_local object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_accept_local object_static_run_sysctld_sysctl_net_ipv4_conf_all_accept_local /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.accept_local[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_local[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_local[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_local[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_local[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.accept_redirects object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_accept_redirects object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_accept_redirects object_static_etc_sysctls_sysctl_net_ipv4_conf_all_accept_redirects object_static_sysctl_sysctl_net_ipv4_conf_all_accept_redirects object_static_etc_sysctld_sysctl_net_ipv4_conf_all_accept_redirects object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_accept_redirects object_static_run_sysctld_sysctl_net_ipv4_conf_all_accept_redirects /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.accept_source_route object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_accept_source_route object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_accept_source_route object_static_etc_sysctls_sysctl_net_ipv4_conf_all_accept_source_route object_static_sysctl_sysctl_net_ipv4_conf_all_accept_source_route object_static_etc_sysctld_sysctl_net_ipv4_conf_all_accept_source_route object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_accept_source_route object_static_run_sysctld_sysctl_net_ipv4_conf_all_accept_source_route /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.arp_filter object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_arp_filter object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_arp_filter object_static_etc_sysctls_sysctl_net_ipv4_conf_all_arp_filter object_static_sysctl_sysctl_net_ipv4_conf_all_arp_filter object_static_etc_sysctld_sysctl_net_ipv4_conf_all_arp_filter object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_arp_filter object_static_run_sysctld_sysctl_net_ipv4_conf_all_arp_filter /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.arp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.arp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.arp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.arp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.arp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.arp_ignore object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_arp_ignore object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_arp_ignore object_static_etc_sysctls_sysctl_net_ipv4_conf_all_arp_ignore object_static_sysctl_sysctl_net_ipv4_conf_all_arp_ignore object_static_etc_sysctld_sysctl_net_ipv4_conf_all_arp_ignore object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_arp_ignore object_static_run_sysctld_sysctl_net_ipv4_conf_all_arp_ignore /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.arp_ignore[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.arp_ignore[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.arp_ignore[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.arp_ignore[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.arp_ignore[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.drop_gratuitous_arp object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_drop_gratuitous_arp object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_drop_gratuitous_arp object_static_etc_sysctls_sysctl_net_ipv4_conf_all_drop_gratuitous_arp object_static_sysctl_sysctl_net_ipv4_conf_all_drop_gratuitous_arp object_static_etc_sysctld_sysctl_net_ipv4_conf_all_drop_gratuitous_arp object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_drop_gratuitous_arp object_static_run_sysctld_sysctl_net_ipv4_conf_all_drop_gratuitous_arp /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.drop_gratuitous_arp[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.drop_gratuitous_arp[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.drop_gratuitous_arp[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.drop_gratuitous_arp[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.drop_gratuitous_arp[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.forwarding object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_forwarding object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_forwarding object_static_etc_sysctls_sysctl_net_ipv4_conf_all_forwarding object_static_sysctl_sysctl_net_ipv4_conf_all_forwarding object_static_etc_sysctld_sysctl_net_ipv4_conf_all_forwarding object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_forwarding object_static_run_sysctld_sysctl_net_ipv4_conf_all_forwarding /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.log_martians object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_log_martians object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_log_martians object_static_etc_sysctls_sysctl_net_ipv4_conf_all_log_martians object_static_sysctl_sysctl_net_ipv4_conf_all_log_martians object_static_etc_sysctld_sysctl_net_ipv4_conf_all_log_martians object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_log_martians object_static_run_sysctld_sysctl_net_ipv4_conf_all_log_martians /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.log_martians[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.log_martians[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.log_martians[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.log_martians[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.log_martians[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.route_localnet object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_route_localnet object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_route_localnet object_static_etc_sysctls_sysctl_net_ipv4_conf_all_route_localnet object_static_sysctl_sysctl_net_ipv4_conf_all_route_localnet object_static_etc_sysctld_sysctl_net_ipv4_conf_all_route_localnet object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_route_localnet object_static_run_sysctld_sysctl_net_ipv4_conf_all_route_localnet /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.route_localnet[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.route_localnet[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.route_localnet[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.route_localnet[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.route_localnet[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.rp_filter object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_rp_filter object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_rp_filter object_static_etc_sysctls_sysctl_net_ipv4_conf_all_rp_filter object_static_sysctl_sysctl_net_ipv4_conf_all_rp_filter object_static_etc_sysctld_sysctl_net_ipv4_conf_all_rp_filter object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_rp_filter object_static_run_sysctld_sysctl_net_ipv4_conf_all_rp_filter /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.rp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.rp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.rp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.rp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.rp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.secure_redirects object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_secure_redirects object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_secure_redirects object_static_etc_sysctls_sysctl_net_ipv4_conf_all_secure_redirects object_static_sysctl_sysctl_net_ipv4_conf_all_secure_redirects object_static_etc_sysctld_sysctl_net_ipv4_conf_all_secure_redirects object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_secure_redirects object_static_run_sysctld_sysctl_net_ipv4_conf_all_secure_redirects /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.secure_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.secure_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.secure_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.secure_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.secure_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.send_redirects object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_send_redirects object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_send_redirects object_static_etc_sysctls_sysctl_net_ipv4_conf_all_send_redirects object_static_sysctl_sysctl_net_ipv4_conf_all_send_redirects object_static_etc_sysctld_sysctl_net_ipv4_conf_all_send_redirects object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_send_redirects object_static_run_sysctld_sysctl_net_ipv4_conf_all_send_redirects /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.send_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.send_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.send_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.send_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.send_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.all.shared_media object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_all_shared_media object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_all_shared_media object_static_etc_sysctls_sysctl_net_ipv4_conf_all_shared_media object_static_sysctl_sysctl_net_ipv4_conf_all_shared_media object_static_etc_sysctld_sysctl_net_ipv4_conf_all_shared_media object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_all_shared_media object_static_run_sysctld_sysctl_net_ipv4_conf_all_shared_media /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.all.shared_media[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.shared_media[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.shared_media[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.shared_media[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.all.shared_media[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.default.accept_redirects object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_default_accept_redirects object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_default_accept_redirects object_static_etc_sysctls_sysctl_net_ipv4_conf_default_accept_redirects object_static_sysctl_sysctl_net_ipv4_conf_default_accept_redirects object_static_etc_sysctld_sysctl_net_ipv4_conf_default_accept_redirects object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_default_accept_redirects object_static_run_sysctld_sysctl_net_ipv4_conf_default_accept_redirects /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.default.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.default.accept_source_route object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_default_accept_source_route object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_default_accept_source_route object_static_etc_sysctls_sysctl_net_ipv4_conf_default_accept_source_route object_static_sysctl_sysctl_net_ipv4_conf_default_accept_source_route object_static_etc_sysctld_sysctl_net_ipv4_conf_default_accept_source_route object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_default_accept_source_route object_static_run_sysctld_sysctl_net_ipv4_conf_default_accept_source_route /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.default.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.default.forwarding object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_default_forwarding object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_default_forwarding object_static_etc_sysctls_sysctl_net_ipv4_conf_default_forwarding object_static_sysctl_sysctl_net_ipv4_conf_default_forwarding object_static_etc_sysctld_sysctl_net_ipv4_conf_default_forwarding object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_default_forwarding object_static_run_sysctld_sysctl_net_ipv4_conf_default_forwarding /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.default.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.default.log_martians object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_default_log_martians object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_default_log_martians object_static_etc_sysctls_sysctl_net_ipv4_conf_default_log_martians object_static_sysctl_sysctl_net_ipv4_conf_default_log_martians object_static_etc_sysctld_sysctl_net_ipv4_conf_default_log_martians object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_default_log_martians object_static_run_sysctld_sysctl_net_ipv4_conf_default_log_martians /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.default.log_martians[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.log_martians[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.log_martians[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.log_martians[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.log_martians[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.default.rp_filter object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_default_rp_filter object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_default_rp_filter object_static_etc_sysctls_sysctl_net_ipv4_conf_default_rp_filter object_static_sysctl_sysctl_net_ipv4_conf_default_rp_filter object_static_etc_sysctld_sysctl_net_ipv4_conf_default_rp_filter object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_default_rp_filter object_static_run_sysctld_sysctl_net_ipv4_conf_default_rp_filter /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.default.rp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.rp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.rp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.rp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.rp_filter[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.default.secure_redirects object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_default_secure_redirects object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_default_secure_redirects object_static_etc_sysctls_sysctl_net_ipv4_conf_default_secure_redirects object_static_sysctl_sysctl_net_ipv4_conf_default_secure_redirects object_static_etc_sysctld_sysctl_net_ipv4_conf_default_secure_redirects object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_default_secure_redirects object_static_run_sysctld_sysctl_net_ipv4_conf_default_secure_redirects /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.default.secure_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.secure_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.secure_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.secure_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.secure_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.default.send_redirects object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_default_send_redirects object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_default_send_redirects object_static_etc_sysctls_sysctl_net_ipv4_conf_default_send_redirects object_static_sysctl_sysctl_net_ipv4_conf_default_send_redirects object_static_etc_sysctld_sysctl_net_ipv4_conf_default_send_redirects object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_default_send_redirects object_static_run_sysctld_sysctl_net_ipv4_conf_default_send_redirects /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.default.send_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.send_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.send_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.send_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.send_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.conf.default.shared_media object_static_etc_lib_sysctls_sysctl_net_ipv4_conf_default_shared_media object_static_run_usr_local_sysctls_sysctl_net_ipv4_conf_default_shared_media object_static_etc_sysctls_sysctl_net_ipv4_conf_default_shared_media object_static_sysctl_sysctl_net_ipv4_conf_default_shared_media object_static_etc_sysctld_sysctl_net_ipv4_conf_default_shared_media object_static_usr_local_lib_sysctld_sysctl_net_ipv4_conf_default_shared_media object_static_run_sysctld_sysctl_net_ipv4_conf_default_shared_media /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.conf.default.shared_media[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.shared_media[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.shared_media[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.shared_media[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.conf.default.shared_media[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.icmp_echo_ignore_broadcasts object_static_etc_lib_sysctls_sysctl_net_ipv4_icmp_echo_ignore_broadcasts object_static_run_usr_local_sysctls_sysctl_net_ipv4_icmp_echo_ignore_broadcasts object_static_etc_sysctls_sysctl_net_ipv4_icmp_echo_ignore_broadcasts object_static_sysctl_sysctl_net_ipv4_icmp_echo_ignore_broadcasts object_static_etc_sysctld_sysctl_net_ipv4_icmp_echo_ignore_broadcasts object_static_usr_local_lib_sysctld_sysctl_net_ipv4_icmp_echo_ignore_broadcasts object_static_run_sysctld_sysctl_net_ipv4_icmp_echo_ignore_broadcasts /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.icmp_echo_ignore_broadcasts[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.icmp_echo_ignore_broadcasts[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.icmp_echo_ignore_broadcasts[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.icmp_echo_ignore_broadcasts[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.icmp_echo_ignore_broadcasts[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.icmp_ignore_bogus_error_responses object_static_etc_lib_sysctls_sysctl_net_ipv4_icmp_ignore_bogus_error_responses object_static_run_usr_local_sysctls_sysctl_net_ipv4_icmp_ignore_bogus_error_responses object_static_etc_sysctls_sysctl_net_ipv4_icmp_ignore_bogus_error_responses object_static_sysctl_sysctl_net_ipv4_icmp_ignore_bogus_error_responses object_static_etc_sysctld_sysctl_net_ipv4_icmp_ignore_bogus_error_responses object_static_usr_local_lib_sysctld_sysctl_net_ipv4_icmp_ignore_bogus_error_responses object_static_run_sysctld_sysctl_net_ipv4_icmp_ignore_bogus_error_responses /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.icmp_ignore_bogus_error_responses[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.icmp_ignore_bogus_error_responses[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.icmp_ignore_bogus_error_responses[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.icmp_ignore_bogus_error_responses[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.icmp_ignore_bogus_error_responses[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.ip_forward object_static_etc_lib_sysctls_sysctl_net_ipv4_ip_forward object_static_run_usr_local_sysctls_sysctl_net_ipv4_ip_forward object_static_etc_sysctls_sysctl_net_ipv4_ip_forward object_static_sysctl_sysctl_net_ipv4_ip_forward object_static_etc_sysctld_sysctl_net_ipv4_ip_forward object_static_usr_local_lib_sysctld_sysctl_net_ipv4_ip_forward object_static_run_sysctld_sysctl_net_ipv4_ip_forward /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.ip_forward[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.ip_forward[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.ip_forward[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.ip_forward[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.ip_forward[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.ip_local_port_range object_static_etc_lib_sysctls_sysctl_net_ipv4_ip_local_port_range object_static_run_usr_local_sysctls_sysctl_net_ipv4_ip_local_port_range object_static_etc_sysctls_sysctl_net_ipv4_ip_local_port_range object_static_sysctl_sysctl_net_ipv4_ip_local_port_range object_static_etc_sysctld_sysctl_net_ipv4_ip_local_port_range object_static_usr_local_lib_sysctld_sysctl_net_ipv4_ip_local_port_range object_static_run_sysctld_sysctl_net_ipv4_ip_local_port_range /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.ip_local_port_range[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.ip_local_port_range[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.ip_local_port_range[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.ip_local_port_range[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.ip_local_port_range[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.tcp_invalid_ratelimit object_static_etc_lib_sysctls_sysctl_net_ipv4_tcp_invalid_ratelimit object_static_run_usr_local_sysctls_sysctl_net_ipv4_tcp_invalid_ratelimit object_static_etc_sysctls_sysctl_net_ipv4_tcp_invalid_ratelimit object_static_sysctl_sysctl_net_ipv4_tcp_invalid_ratelimit object_static_etc_sysctld_sysctl_net_ipv4_tcp_invalid_ratelimit object_static_usr_local_lib_sysctld_sysctl_net_ipv4_tcp_invalid_ratelimit object_static_run_sysctld_sysctl_net_ipv4_tcp_invalid_ratelimit /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.tcp_invalid_ratelimit[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_invalid_ratelimit[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_invalid_ratelimit[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_invalid_ratelimit[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_invalid_ratelimit[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.tcp_rfc1337 object_static_etc_lib_sysctls_sysctl_net_ipv4_tcp_rfc1337 object_static_run_usr_local_sysctls_sysctl_net_ipv4_tcp_rfc1337 object_static_etc_sysctls_sysctl_net_ipv4_tcp_rfc1337 object_static_sysctl_sysctl_net_ipv4_tcp_rfc1337 object_static_etc_sysctld_sysctl_net_ipv4_tcp_rfc1337 object_static_usr_local_lib_sysctld_sysctl_net_ipv4_tcp_rfc1337 object_static_run_sysctld_sysctl_net_ipv4_tcp_rfc1337 /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.tcp_rfc1337[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_rfc1337[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_rfc1337[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_rfc1337[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_rfc1337[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv4.tcp_syncookies object_static_etc_lib_sysctls_sysctl_net_ipv4_tcp_syncookies object_static_run_usr_local_sysctls_sysctl_net_ipv4_tcp_syncookies object_static_etc_sysctls_sysctl_net_ipv4_tcp_syncookies object_static_sysctl_sysctl_net_ipv4_tcp_syncookies object_static_etc_sysctld_sysctl_net_ipv4_tcp_syncookies object_static_usr_local_lib_sysctld_sysctl_net_ipv4_tcp_syncookies object_static_run_sysctld_sysctl_net_ipv4_tcp_syncookies /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv4.tcp_syncookies[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_syncookies[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_syncookies[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_syncookies[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv4.tcp_syncookies[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.accept_ra object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_accept_ra object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_accept_ra object_static_etc_sysctls_sysctl_net_ipv6_conf_all_accept_ra object_static_sysctl_sysctl_net_ipv6_conf_all_accept_ra object_static_etc_sysctld_sysctl_net_ipv6_conf_all_accept_ra object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_accept_ra object_static_run_sysctld_sysctl_net_ipv6_conf_all_accept_ra /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.accept_ra[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.accept_ra_defrtr object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_accept_ra_defrtr object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_accept_ra_defrtr object_static_etc_sysctls_sysctl_net_ipv6_conf_all_accept_ra_defrtr object_static_sysctl_sysctl_net_ipv6_conf_all_accept_ra_defrtr object_static_etc_sysctld_sysctl_net_ipv6_conf_all_accept_ra_defrtr object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_accept_ra_defrtr object_static_run_sysctld_sysctl_net_ipv6_conf_all_accept_ra_defrtr /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_defrtr[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_defrtr[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_defrtr[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_defrtr[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_defrtr[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.accept_ra_pinfo object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_accept_ra_pinfo object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_accept_ra_pinfo object_static_etc_sysctls_sysctl_net_ipv6_conf_all_accept_ra_pinfo object_static_sysctl_sysctl_net_ipv6_conf_all_accept_ra_pinfo object_static_etc_sysctld_sysctl_net_ipv6_conf_all_accept_ra_pinfo object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_accept_ra_pinfo object_static_run_sysctld_sysctl_net_ipv6_conf_all_accept_ra_pinfo /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_pinfo[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_pinfo[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_pinfo[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_pinfo[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_pinfo[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.accept_ra_rtr_pref object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_accept_ra_rtr_pref object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_accept_ra_rtr_pref object_static_etc_sysctls_sysctl_net_ipv6_conf_all_accept_ra_rtr_pref object_static_sysctl_sysctl_net_ipv6_conf_all_accept_ra_rtr_pref object_static_etc_sysctld_sysctl_net_ipv6_conf_all_accept_ra_rtr_pref object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_accept_ra_rtr_pref object_static_run_sysctld_sysctl_net_ipv6_conf_all_accept_ra_rtr_pref /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_rtr_pref[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_rtr_pref[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_rtr_pref[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_rtr_pref[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_ra_rtr_pref[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.accept_redirects object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_accept_redirects object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_accept_redirects object_static_etc_sysctls_sysctl_net_ipv6_conf_all_accept_redirects object_static_sysctl_sysctl_net_ipv6_conf_all_accept_redirects object_static_etc_sysctld_sysctl_net_ipv6_conf_all_accept_redirects object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_accept_redirects object_static_run_sysctld_sysctl_net_ipv6_conf_all_accept_redirects /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.accept_source_route object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_accept_source_route object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_accept_source_route object_static_etc_sysctls_sysctl_net_ipv6_conf_all_accept_source_route object_static_sysctl_sysctl_net_ipv6_conf_all_accept_source_route object_static_etc_sysctld_sysctl_net_ipv6_conf_all_accept_source_route object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_accept_source_route object_static_run_sysctld_sysctl_net_ipv6_conf_all_accept_source_route /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.autoconf object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_autoconf object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_autoconf object_static_etc_sysctls_sysctl_net_ipv6_conf_all_autoconf object_static_sysctl_sysctl_net_ipv6_conf_all_autoconf object_static_etc_sysctld_sysctl_net_ipv6_conf_all_autoconf object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_autoconf object_static_run_sysctld_sysctl_net_ipv6_conf_all_autoconf /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.autoconf[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.autoconf[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.autoconf[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.autoconf[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.autoconf[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.disable_ipv6 object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_disable_ipv6 object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_disable_ipv6 object_static_etc_sysctls_sysctl_net_ipv6_conf_all_disable_ipv6 object_static_sysctl_sysctl_net_ipv6_conf_all_disable_ipv6 object_static_etc_sysctld_sysctl_net_ipv6_conf_all_disable_ipv6 object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_disable_ipv6 object_static_run_sysctld_sysctl_net_ipv6_conf_all_disable_ipv6 /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.disable_ipv6[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.disable_ipv6[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.disable_ipv6[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.disable_ipv6[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.disable_ipv6[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.forwarding object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_forwarding object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_forwarding object_static_etc_sysctls_sysctl_net_ipv6_conf_all_forwarding object_static_sysctl_sysctl_net_ipv6_conf_all_forwarding object_static_etc_sysctld_sysctl_net_ipv6_conf_all_forwarding object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_forwarding object_static_run_sysctld_sysctl_net_ipv6_conf_all_forwarding /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.max_addresses object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_max_addresses object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_max_addresses object_static_etc_sysctls_sysctl_net_ipv6_conf_all_max_addresses object_static_sysctl_sysctl_net_ipv6_conf_all_max_addresses object_static_etc_sysctld_sysctl_net_ipv6_conf_all_max_addresses object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_max_addresses object_static_run_sysctld_sysctl_net_ipv6_conf_all_max_addresses /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.max_addresses[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.max_addresses[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.max_addresses[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.max_addresses[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.max_addresses[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.all.router_solicitations object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_all_router_solicitations object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_all_router_solicitations object_static_etc_sysctls_sysctl_net_ipv6_conf_all_router_solicitations object_static_sysctl_sysctl_net_ipv6_conf_all_router_solicitations object_static_etc_sysctld_sysctl_net_ipv6_conf_all_router_solicitations object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_all_router_solicitations object_static_run_sysctld_sysctl_net_ipv6_conf_all_router_solicitations /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.all.router_solicitations[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.router_solicitations[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.router_solicitations[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.router_solicitations[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.all.router_solicitations[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.accept_ra object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_accept_ra object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_accept_ra object_static_etc_sysctls_sysctl_net_ipv6_conf_default_accept_ra object_static_sysctl_sysctl_net_ipv6_conf_default_accept_ra object_static_etc_sysctld_sysctl_net_ipv6_conf_default_accept_ra object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_accept_ra object_static_run_sysctld_sysctl_net_ipv6_conf_default_accept_ra /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.accept_ra[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.accept_ra_defrtr object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_accept_ra_defrtr object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_accept_ra_defrtr object_static_etc_sysctls_sysctl_net_ipv6_conf_default_accept_ra_defrtr object_static_sysctl_sysctl_net_ipv6_conf_default_accept_ra_defrtr object_static_etc_sysctld_sysctl_net_ipv6_conf_default_accept_ra_defrtr object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_accept_ra_defrtr object_static_run_sysctld_sysctl_net_ipv6_conf_default_accept_ra_defrtr /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_defrtr[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_defrtr[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_defrtr[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_defrtr[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_defrtr[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.accept_ra_pinfo object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_accept_ra_pinfo object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_accept_ra_pinfo object_static_etc_sysctls_sysctl_net_ipv6_conf_default_accept_ra_pinfo object_static_sysctl_sysctl_net_ipv6_conf_default_accept_ra_pinfo object_static_etc_sysctld_sysctl_net_ipv6_conf_default_accept_ra_pinfo object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_accept_ra_pinfo object_static_run_sysctld_sysctl_net_ipv6_conf_default_accept_ra_pinfo /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_pinfo[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_pinfo[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_pinfo[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_pinfo[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_pinfo[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.accept_ra_rtr_pref object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_accept_ra_rtr_pref object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_accept_ra_rtr_pref object_static_etc_sysctls_sysctl_net_ipv6_conf_default_accept_ra_rtr_pref object_static_sysctl_sysctl_net_ipv6_conf_default_accept_ra_rtr_pref object_static_etc_sysctld_sysctl_net_ipv6_conf_default_accept_ra_rtr_pref object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_accept_ra_rtr_pref object_static_run_sysctld_sysctl_net_ipv6_conf_default_accept_ra_rtr_pref /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_rtr_pref[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_rtr_pref[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_rtr_pref[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_rtr_pref[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_ra_rtr_pref[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.accept_redirects object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_accept_redirects object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_accept_redirects object_static_etc_sysctls_sysctl_net_ipv6_conf_default_accept_redirects object_static_sysctl_sysctl_net_ipv6_conf_default_accept_redirects object_static_etc_sysctld_sysctl_net_ipv6_conf_default_accept_redirects object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_accept_redirects object_static_run_sysctld_sysctl_net_ipv6_conf_default_accept_redirects /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_redirects[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.accept_source_route object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_accept_source_route object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_accept_source_route object_static_etc_sysctls_sysctl_net_ipv6_conf_default_accept_source_route object_static_sysctl_sysctl_net_ipv6_conf_default_accept_source_route object_static_etc_sysctld_sysctl_net_ipv6_conf_default_accept_source_route object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_accept_source_route object_static_run_sysctld_sysctl_net_ipv6_conf_default_accept_source_route /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.accept_source_route[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.autoconf object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_autoconf object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_autoconf object_static_etc_sysctls_sysctl_net_ipv6_conf_default_autoconf object_static_sysctl_sysctl_net_ipv6_conf_default_autoconf object_static_etc_sysctld_sysctl_net_ipv6_conf_default_autoconf object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_autoconf object_static_run_sysctld_sysctl_net_ipv6_conf_default_autoconf /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.autoconf[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.autoconf[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.autoconf[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.autoconf[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.autoconf[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.disable_ipv6 object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_disable_ipv6 object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_disable_ipv6 object_static_etc_sysctls_sysctl_net_ipv6_conf_default_disable_ipv6 object_static_sysctl_sysctl_net_ipv6_conf_default_disable_ipv6 object_static_etc_sysctld_sysctl_net_ipv6_conf_default_disable_ipv6 object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_disable_ipv6 object_static_run_sysctld_sysctl_net_ipv6_conf_default_disable_ipv6 /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.disable_ipv6[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.disable_ipv6[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.disable_ipv6[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.disable_ipv6[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.disable_ipv6[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.forwarding object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_forwarding object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_forwarding object_static_etc_sysctls_sysctl_net_ipv6_conf_default_forwarding object_static_sysctl_sysctl_net_ipv6_conf_default_forwarding object_static_etc_sysctld_sysctl_net_ipv6_conf_default_forwarding object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_forwarding object_static_run_sysctld_sysctl_net_ipv6_conf_default_forwarding /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.forwarding[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.max_addresses object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_max_addresses object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_max_addresses object_static_etc_sysctls_sysctl_net_ipv6_conf_default_max_addresses object_static_sysctl_sysctl_net_ipv6_conf_default_max_addresses object_static_etc_sysctld_sysctl_net_ipv6_conf_default_max_addresses object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_max_addresses object_static_run_sysctld_sysctl_net_ipv6_conf_default_max_addresses /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.max_addresses[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.max_addresses[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.max_addresses[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.max_addresses[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.max_addresses[\s]*=[\s]*(.*\S)[\s]*$ 1 net.ipv6.conf.default.router_solicitations object_static_etc_lib_sysctls_sysctl_net_ipv6_conf_default_router_solicitations object_static_run_usr_local_sysctls_sysctl_net_ipv6_conf_default_router_solicitations object_static_etc_sysctls_sysctl_net_ipv6_conf_default_router_solicitations object_static_sysctl_sysctl_net_ipv6_conf_default_router_solicitations object_static_etc_sysctld_sysctl_net_ipv6_conf_default_router_solicitations object_static_usr_local_lib_sysctld_sysctl_net_ipv6_conf_default_router_solicitations object_static_run_sysctld_sysctl_net_ipv6_conf_default_router_solicitations /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*net.ipv6.conf.default.router_solicitations[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.router_solicitations[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.router_solicitations[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.router_solicitations[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*net.ipv6.conf.default.router_solicitations[\s]*=[\s]*(.*\S)[\s]*$ 1 user.max_user_namespaces object_static_etc_lib_sysctls_sysctl_user_max_user_namespaces object_static_run_usr_local_sysctls_sysctl_user_max_user_namespaces object_static_etc_sysctls_sysctl_user_max_user_namespaces object_static_sysctl_sysctl_user_max_user_namespaces object_static_etc_sysctld_sysctl_user_max_user_namespaces object_static_usr_local_lib_sysctld_sysctl_user_max_user_namespaces object_static_run_sysctld_sysctl_user_max_user_namespaces /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*user.max_user_namespaces[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*user.max_user_namespaces[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*user.max_user_namespaces[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*user.max_user_namespaces[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*user.max_user_namespaces[\s]*=[\s]*(.*\S)[\s]*$ 1 user.max_user_namespaces object_static_etc_lib_sysctls_sysctl_user_max_user_namespaces_no_remediation object_static_run_usr_local_sysctls_sysctl_user_max_user_namespaces_no_remediation object_static_etc_sysctls_sysctl_user_max_user_namespaces_no_remediation object_static_sysctl_sysctl_user_max_user_namespaces_no_remediation object_static_etc_sysctld_sysctl_user_max_user_namespaces_no_remediation object_static_usr_local_lib_sysctld_sysctl_user_max_user_namespaces_no_remediation object_static_run_sysctld_sysctl_user_max_user_namespaces_no_remediation /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*user.max_user_namespaces[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*user.max_user_namespaces[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*user.max_user_namespaces[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*user.max_user_namespaces[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*user.max_user_namespaces[\s]*=[\s]*(.*\S)[\s]*$ 1 vm.mmap_min_addr object_static_etc_lib_sysctls_sysctl_vm_mmap_min_addr object_static_run_usr_local_sysctls_sysctl_vm_mmap_min_addr object_static_etc_sysctls_sysctl_vm_mmap_min_addr object_static_sysctl_sysctl_vm_mmap_min_addr object_static_etc_sysctld_sysctl_vm_mmap_min_addr object_static_usr_local_lib_sysctld_sysctl_vm_mmap_min_addr object_static_run_sysctld_sysctl_vm_mmap_min_addr /etc(/ufw){0,1}/sysctl.conf$ ^[\s]*vm.mmap_min_addr[\s]*=[\s]*(.*\S)[\s]*$ 1 /etc/sysctl.d ^.*\.conf$ ^[\s]*vm.mmap_min_addr[\s]*=[\s]*(.*\S)[\s]*$ 1 /run/sysctl.d ^.*\.conf$ ^[\s]*vm.mmap_min_addr[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/local/lib/sysctl.d ^.*\.conf$ ^[\s]*vm.mmap_min_addr[\s]*=[\s]*(.*\S)[\s]*$ 1 /usr/lib/sysctl.d ^.*\.conf$ ^[\s]*vm.mmap_min_addr[\s]*=[\s]*(.*\S)[\s]*$ 1 multi-user.target tmp.mount ActiveState multi-user.target dnf-automatic\.timer ActiveState multi-user.target logrotate\.timer ActiveState /etc/pam_pkcs11/pam_pkcs11.conf ^[\s]*use_mappers = pwent[\s]*$ 1 vlock ^/boot/loader/entries/.*.conf ^options (.*)$ 1 ^/etc/kernel/cmdline ^(.*)$ 1 ^/boot/loader/entries/.*.conf ^options (.*)$ 1 ^/etc/kernel/cmdline ^(.*)$ 1 ^/boot/loader/entries/.*.conf ^options (.*)$ 1 ^/etc/kernel/cmdline ^(.*)$ 1 ^/boot/loader/entries/.*.conf ^options (.*)$ 1 ^/etc/kernel/cmdline ^(.*)$ 1 ^/boot/loader/entries/.*.conf ^options (.*)$ 1 ^/etc/kernel/cmdline ^(.*)$ 1 ^/boot/loader/entries/.*.conf ^options (.*)$ 1 ^/etc/kernel/cmdline ^(.*)$ 1 ^/boot/loader/entries/.*.conf ^options (.*)$ 1 ^/etc/kernel/cmdline ^(.*)$ 1 /etc/pam.d/system-auth ^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_faillock\.so.*$ 1 ^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_pwquality\.so.*$ 1 /usr/lib/systemd/system/auditd.service ^ExecStartPost=\-\/sbin\/auditctl.*$ 1 /usr/lib/systemd/system/auditd.service ^(ExecStartPost=\-\/sbin\/augenrules.*$|Requires=augenrules.service) 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+setdomainname[\s]+|([\s]+|[,])setdomainname([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+setdomainname[\s]+|([\s]+|[,])setdomainname([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+setdomainname[\s]+|([\s]+|[,])setdomainname([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+setdomainname[\s]+|([\s]+|[,])setdomainname([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+sethostname[\s]+|([\s]+|[,])sethostname([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 ^/etc/audit/rules\.d/.*\.rules$ ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+sethostname[\s]+|([\s]+|[,])sethostname([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+sethostname[\s]+|([\s]+|[,])sethostname([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/audit.rules ^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+sethostname[\s]+|([\s]+|[,])sethostname([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ 1 /etc/audit/auditd.conf ^(log_file\s*=\s*.*)$ 1 /etc/audit/auditd.conf ^[ ]*log_group[ ]+=[ ]+root[ ]*$ 1 /etc/audit/auditd.conf ^[ ]*log_group[ ]+=.*$ 1 kernel rpm-ostree bootc openshift-kubelet /run/ostree-booted /ostree ^/etc/default/grub(\.d/[^/]+\.cfg)?$ ^\s*GRUB_DISABLE_RECOVERY=(.*)$ 1 ^/etc/chrony\.(conf|d/.+\.conf)$ ^([\s]*server[\s]+.+$){2,}$ 1 /etc/default/grub ^\s*GRUB_CMDLINE_LINUX_DEFAULT=.*$ 1 /boot/loader/entries/ ^.*\.conf$ ^options(?:\s+.*)?\s+\$kernelopts\b.*$ 1 /etc/os-release ^ID=\"(\w+)\"$ 1 /etc/os-release ^VERSION_ID=\"(\w+)\"$ 1 /etc/almalinux-release /etc/almalinux-release ^AlmaLinux release 9.[0-9]+ .*$ 1 anolis-release /etc/os-release ^ID="(\w+)"$ 1 /etc/os-release ^VERSION_ID="(\d+)"$ 1 /etc/os-release ^ID="(\w+)"$ 1 /etc/os-release ^VERSION_ID="(\d)"$ 1 /etc/os-release ^ID="(\w+)"$ 1 /etc/os-release ^VERSION_ID="(\d)"$ 1 /etc/debian_version fedora-release.* /etc/system-release-cpe ^cpe:\/o:fedoraproject:fedora:[\d]+$ 1 kylin-release /etc/os-release /etc/os-release ^ID=harden$ 1 /etc/os-release ^ID=["']?(\w+)["']?$ 1 oraclelinux-release oraclelinux-release oraclelinux-release oraclelinux-release /etc/os-release /etc/os-release ^ID=nodistro$ 1 openEuler-release openSUSE-release openSUSE-release Leap-release /etc/os-release /etc/os-release ^ID=petalinux$ 1 /etc/os-release /etc/os-release ^ID=poky$ 1 /etc/os-release ^ID="(\w+)"$ 1 /etc/os-release ^VARIANT_ID=(\S+)$ 1 /etc/os-release ^VERSION_ID="(\d+\.\d+)"$ 1 /etc/os-release ^VERSION_ID="(\d)\.\d+"$ 1 /etc/os-release ^RHEL_VERSION="(\d).*"$ 1 /etc/os-release ^ID=["']?(\w+)["']?$ 1 redhat-release /etc/redhat-release ^Red Hat Enterprise Linux release (\d)\.\d+$ 1 redhat-release redhat-release redhat-release redhat-release redhat-release redhat-release redhat-release redhat-release redhat-release redhat-release redhat-release redhat-release /etc/redhat-release ^Red Hat Enterprise Linux release (\d)\.\d+$ 1 redhat-release /etc/redhat-release ^Red Hat Enterprise Linux release (\d)\.\d+$ 1 redhat-release-virtualization-host sled-release sles-release SLES_SAP-release sled-release sles-release SLES_SAP-release SUSE-Manager-Server-release SLE_HPC-release SLES-release SLES_SAP-release sle-ha-release SUSE-MicroOS-release SLE-Micro-release SL-Micro-release tencentos-release /etc/lsb-release /etc/lsb-release ^DISTRIB_ID=Ubuntu$ 1 /etc/lsb-release ^DISTRIB_CODENAME=jammy$ 1 /etc/lsb-release ^DISTRIB_CODENAME=noble$ 1 s390utils-base /.dockerenv /run/.containerenv container /etc/fstab 1 sshd_required sshd_required sshd_required openssh-server /etc/tmux.conf ^/etc/usbguard/(rules|rules\.d/.*)\.conf$ ^.*\S+.*$ 1 var_accounts_user_umask_umask_as_number var_removable_partition var_umask_for_daemons_umask_as_number 0 0 0 true true true true true true true true true true true true true true true true 0 0 0 0 0 0 0 true true true true true true true true true true true true true true true true true true true true true true true true true true true true true ^(/dev/.*|composefs)$ nosuid noexec true true ^/var/tmp/dracut.* ^/sysroot/.*$ SYSLOG SINGLE HALT SYSLOG SINGLE HALT rotate single ^(?i)(syslog|single|halt)(?-i)$ ^[\s]+"false"[\s]*;[\s]*$ ^(static|none)$ 0 false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false ::1 25 465 587 (?i)root ^permit_mynetworks[ \t]*[, \t][ \t]*reject$ ^.*,sec=krb5\:krb5i\:krb5p.*$ nts 0 0 maxpoll \d+ ^_chrony$ altfiles symbolic link active 1 ^ALL$ \s*ExecStart\s*=\s*\S+\s+-s\s+\S+.* 2 sec=(krb5i|ntlmv2i) symbolic link /etc/ssh .*_key$ 0 0 false false false false false false false false false false 32 32 0 0 0 0 aes256-ctr,aes256-gcm@openssh.com,aes192-ctr,aes128-ctr,aes128-gcm@openssh.com ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256 hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com ^((aes128-ctr|aes192-ctr|aes256-ctr|chacha20-poly1305@openssh\.com|aes256-gcm@openssh\.com|aes128-gcm@openssh\.com),?)+$ ^((aes128-ctr|aes192-ctr|aes256-ctr|chacha20-poly1305@openssh\.com|aes256-gcm@openssh\.com|aes128-gcm@openssh\.com),?)+$ ca_cert,ocsp ^.*pam.*$ (?i)true userCertificate;binary 1 sssd (?i)demand (?i)true /etc/systemd/system/default.target ^(/usr)?/lib/systemd/system/multi-user.target$ /etc/pam.d/system-auth-local /etc/pam.d/password-auth-local /etc/pam.d/fingerprint-auth /etc/authselect/fingerprint-auth /etc/pam.d/password-auth /etc/authselect/password-auth /etc/pam.d/postlogin /etc/authselect/postlogin /etc/pam.d/smartcard-auth /etc/authselect/smartcard-auth /etc/pam.d/system-auth /etc/authselect/system-auth true true true true true true false true true false true faillog_t ^[^#\n\r]*pam_pwhistory\.so[ \t]+[^#\n\r]*use_authtok.*$ ^[^#\n\r]*pam_pwhistory\.so.*$ ^[^#\n\r]+[ \t]+pam_unix\.so[ \t]+[^#\n\r]+use_authtok.*$ ^[^#\n\r]+[ \t]+pam_unix\.so.*$ /var/run/faillock 2 2 0 0 faillog_t 0 sha512 5000 /etc/systemd/system/ctrl-alt-del.target /dev/null /bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" 0 900 ^.*ocsp_on.*$ (^|,\s*)ca(\s*,|$) ^.*ocsp_on.*$ (^|,\s*)(crl_auto|crl_offline)(\s*,|$) ^root$ 0 0 -1 ^\s*$ ^[x*]$ ^(!|!!|!\*|\*|!locked)$ ^(!\$6\$|!!\$6\$).*$ SHA-512 .* ^(!|!!|!\*|\*|!locked)$ 0 1000 ^(nobody|nfsnobody)$ ^(?:/usr)?/sbin/nologin$ 0 ^[^:]+:[^:]+:[0-9]+:\s*$ ^.*\bnologin\b.*$ ^(nobody|nfsnobody|root)$ 1000 ^(root|halt|sync|shutdown|nfsnobody)$ ^(!|!!|!\*|\*|!locked).*$ 0 ^(\!|\*).*$ directory false false false false false false false false false directory false false false false false false false false false 1 1 ^(nobody|nfsnobody)$ ^(nobody|nfsnobody)$ 1000 ^(nobody|nfsnobody)$ ^(?:/usr)?/sbin/nologin$ regular true ^(nobody|nfsnobody)$ ^(nobody|nfsnobody)$ 1000 ^(nobody|nfsnobody)$ ^(?:/usr)?/sbin/nologin$ ^\/[^\/\n]*\/[^\/\n]{1,}.*$ ^(nobody|nfsnobody)$ ^(nobody|nfsnobody)$ ^(nobody|nfsnobody)$ ^(nobody|nfsnobody)$ ^(nobody|nfsnobody)$ ^(nobody|nfsnobody)$ symbolic link false false false false false false false 1000 ^(nobody|nfsnobody)$ ^(?:/usr)?/sbin/nologin$ false false false false false false ^(nobody|nfsnobody)$ ^(nobody|nfsnobody)$ ^(nobody|nfsnobody)$ ^(nobody|nfsnobody)$ false false false false false false false false false false 1000 ^(nobody|nfsnobody)$ ^(?:/usr)?/sbin/nologin$ false false false false false false false false 1000 ^(nobody|nfsnobody)$ ^(?:/usr)?/sbin/nologin$ false false false false false false false false 1000 ^(nobody|nfsnobody)$ ^(?:/usr)?/sbin/nologin$ ^(nobody|nfsnobody)$ directory false false false false false false false 1000 ^(nobody|nfsnobody)$ ^(?:/usr)?/sbin/nologin$ directory false false false false false false false true true symbolic link 0 ^[:\.] :: \.\. [:\.]$ ^[^/] [^\\]:[^/] ^(nobody|nfsnobody)$ ^\.bash_history ^(?:.*\s)?random\.trust_cpu=on(?:\s.*)?$ ^(?:.*\s)?random\.trust_cpu=off(?:\s.*)?$ ^['|\(](?!fd)(?!cd)(?!usb).*['|\)]$ ^['|\(](?!fd)(?!cd)(?!usb).*['|\)]$ \bsystemd.debug-shell\b \bsystemd.debug-shell\b 65536 32768 ^aarch64$ ^x86_64$ /etc/localtime ^(/usr)?/share/zoneinfo(/Etc)?/(GMT|UTC)$ active 1 416 (?=[\S\s]*\s(?i)protocol(?-i)="tcp")(?=[\S\s]*\s(?i)Target(?-i)="[^"]+?")(?=[\S\s]*\s(?i)port(?-i)="6514")(?=[\S\s]*\s(?i)StreamDriver(?-i)="gtls")(?=[\S\s]*\s(?i)StreamDriverMode(?-i)="1")(?=[\S\s]*\s(?i)StreamDriverAuthMode(?-i)="x509/name")(?=[\S\s]*\s(?i)StreamDriver\.CheckExtendedKeyPurpose(?-i)="on") active 1 ResultActive=auth_admin PROMISC -p tcp -m limit --limit 25/minute --limit-burst 100 -j INPUT_ZONES ^.*$ 127.0.0.1 0 ^.*$ ::1 0 0 (^| )0/0,tcp,22,,([^ $]+,)?hitcount=\d+(,|$) (^| )0/0,tcp,22,,([^ $]+,)?blockseconds=\d+(,|$) 0 true false true ^/dev/.*$ 1000 true ^/dev/.*$ 1000 true 0 0 0 0 0 0 0 true ^/sysroot/.*$ ^/dev/.*$ true ^/sysroot/.*$ ^/dev/.*$ regular true ^/selinux/(?:(?:member)|(?:user)|(?:relabel)|(?:create)|(?:access)|(?:context))$ ^/sysroot/.*$ ^/dev/.*$ ^/sysroot/.*$ ^/dev/.*$ altfiles ^/sysroot/.*$ ^/dev/.*$ altfiles 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 symbolic link 0 ^/var/log/apt/.* ^/var/log/landscape/.* auth.log ^[bw]tmp((\.|-).*)?$ ^cloud-init\.log.* ^/var/log/(gdm|gdm3)/.*$ ^.*\.journal.*$ ^lastlog.*$ ^localmessages.*$ messages ^secure.*$ ^/var/log/sssd/.*$ syslog ^waagent\.log.*$ symbolic link 0 ^/var/log/apt/.* ^/var/log/landscape/.* auth.log ^[bw]tmp((\.|-).*)?$ ^cloud-init\.log.* ^/var/log/(gdm|gdm3)/.*$ ^.*\.journal.*$ ^lastlog.*$ ^localmessages.*$ messages ^secure.*$ ^/var/log/sssd/.*$ syslog ^waagent\.log.*$ 1000 1000 false symbolic link 0 1000 true true symbolic link true true symbolic link symbolic link 1000 600 600 600 600 600 ^/dev/.*$ ^(?!afs$|autofs$|ceph$|cifs$|smb3$|smbfs$|sshfs$|ncpfs$|ncp$|nfs$|nfs4$|gfs$|gfs2$|glusterfs$|gpfs$|pvfs2$|ocfs2$|lustre$|davfs$|fuse\.sshfs$).+ nodev 1 nodev 1 ^(?!(\/etc\/sysctl\.conf$|(\/etc|\/run|\/usr\/lib)\/sysctl\.d\/)).*$ 0 0 1 ^(block|character) special$ device_t unlabeled_t unconfined_service_t sysadm_t sysadm_r ^(enforcing|permissive)$ x86_64 \blm\b ^(x86_64|aarch64|ppc64le|s390x|.*-amd64)$ bind .+ iso9660 ^false$ ^false$ 0 /etc/crypto-policies/back-ends/krb5.config 1.2 0:20210617-1 ^TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256$ ^final all$ ^512M 1h$ ^no$ ^aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc$ ^ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256$ ^hmac-sha2-512,hmac-sha2-256$ ^ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1$ ^'-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'$ /etc/profile.d/openssl-rand.sh SHA-256 6488c757642cd493da09dd78ee27f039711a1ad79039900970553772fd2106af fips ^.*"[\s]*fips[\s]*=[\s]*1[\s]*".*$ ^(?:.*\s)?fips=1(?:\s.*)?$ ^FIPS(:(OSPP|NO-SHA1|NO-CAMELLIA|STIG))?$ /usr/share/crypto-policies/FIPS/bind.txt /usr/share/crypto-policies/FIPS/gnutls.txt /usr/share/crypto-policies/FIPS/java.txt /usr/share/crypto-policies/FIPS/javasystem.txt /usr/share/crypto-policies/FIPS/krb5.txt /usr/share/crypto-policies/FIPS/libreswan.txt /usr/share/crypto-policies/FIPS/libssh.txt /usr/share/crypto-policies/FIPS/openssh.txt /usr/share/crypto-policies/FIPS/opensshserver.txt /usr/share/crypto-policies/FIPS/opensslcnf.txt /usr/share/crypto-policies/FIPS/openssl.txt /usr/share/crypto-policies/FIPS/openssl_fips.txt ^.*fips=1.*$ 1 1 1 ^p\+i\+n\+u\+g\+s\+b\+acl(|\+selinux)\+xattrs\+sha512$ static enabled active enabled active ^.*sha512.*$ ^.*acl.*$ ^.*xattrs.*$ fail fail fail fail fail fail fail fail fail fail false false fail fail fail root ^([a-z][a-z0-9][a-z0-9]adm|ora[a-z][a-z0-9][a-z0-9]|oracle)$ sap cle 0 /etc/sudoers.d ^(0|false|no)$ ^yes$ ^security$ \n\s*gpgcheck\s*=\s*(True|1|yes)\s*(\n|$) \n\s*gpgcheck\s*=\s*(False|0|no)\s*(\n|$) 0 0 0 1 ^no$ apparmor.service apparmor.socket active ## Unsuccessful file access (any other opens) This has to go last. -a always,exit -F arch=b32 -S open,openat,openat2,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-access -a always,exit -F arch=b64 -S open,openat,openat2,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-access -a always,exit -F arch=b32 -S open,openat,openat2,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-access -a always,exit -F arch=b64 -S open,openat,openat2,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-access ## Unsuccessful file access (any other opens) This has to go last. -a always,exit -F arch=b32 -S open,openat,openat2,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-access -a always,exit -F arch=b64 -S openat,openat2,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-access -a always,exit -F arch=b32 -S open,openat,openat2,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-access -a always,exit -F arch=b64 -S openat,openat2,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-access ## Unsuccessful file access (any other opens) This has to go last. -a always,exit -F arch=b64 -S open,openat,openat2,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-access -a always,exit -F arch=b64 -S open,openat,openat2,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-access ## Successful file access (any other opens) This has to go last. ## These next two are likely to result in a whole lot of events -a always,exit -F arch=b32 -S open,openat,openat2,open_by_handle_at -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-access -a always,exit -F arch=b64 -S open,openat,openat2,open_by_handle_at -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-access ## Successful file access (any other opens) This has to go last. ## These next two are likely to result in a whole lot of events -a always,exit -F arch=b32 -S open,openat,openat2,open_by_handle_at -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-access -a always,exit -F arch=b64 -S openat,openat2,open_by_handle_at -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-access ## Successful file access (any other opens) This has to go last. ## These next two are likely to result in a whole lot of events -a always,exit -F arch=b64 -S open,openat,openat2,open_by_handle_at -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-access ## First rule - delete all -D ## Increase the buffers to survive stress events. ## Make this bigger for busy systems -b 8192 ## This determine how long to wait in burst of events --backlog_wait_time 60000 ## Set failure mode to syslog -f 1 ## Unsuccessful file creation (open with O_CREAT) -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b32 -S open -F a1&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S open -F a1&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b32 -S open -F a1&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S open -F a1&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create ## Unsuccessful file creation (open with O_CREAT) -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b32 -S open -F a1&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b32 -S open -F a1&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create ## Unsuccessful file creation (open with O_CREAT) -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S open -F a1&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S open -F a1&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-create ## Successful file creation (open with O_CREAT) -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&0100 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&0100 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create -a always,exit -F arch=b32 -S open -F a1&0100 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create -a always,exit -F arch=b64 -S open -F a1&0100 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create -a always,exit -F arch=b32 -S creat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create -a always,exit -F arch=b64 -S creat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create ## Successful file creation (open with O_CREAT) -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&0100 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&0100 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create -a always,exit -F arch=b32 -S open -F a1&0100 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create -a always,exit -F arch=b32 -S creat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create ## Successful file creation (open with O_CREAT) -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&0100 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create -a always,exit -F arch=b64 -S open -F a1&0100 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create -a always,exit -F arch=b64 -S creat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-create ## Unsuccessful file delete -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete ## Unsuccessful file delete -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b64 -S unlinkat,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b64 -S unlinkat,renameat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete ## Unsuccessful file delete -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete ## Successful file delete -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete ## Successful file delete -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete -a always,exit -F arch=b64 -S unlinkat,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete ## Successful file delete -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete ## Make the loginuid immutable. This prevents tampering with the auid. --loginuid-immutable ## Unsuccessful file modifications (open for write or truncate) -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b32 -S open -F a1&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S open -F a1&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b32 -S truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b32 -S open -F a1&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S open -F a1&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b32 -S truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification ## Unsuccessful file modifications (open for write or truncate) -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b32 -S open -F a1&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b32 -S truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b32 -S open -F a1&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b32 -S truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification ## Unsuccessful file modifications (open for write or truncate) -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S open -F a1&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S open -F a1&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification -a always,exit -F arch=b64 -S truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-modification ## Successful file modifications (open for write or truncate) -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&01003 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&01003 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b32 -S open -F a1&01003 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b64 -S open -F a1&01003 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b32 -S truncate,ftruncate -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b64 -S truncate,ftruncate -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification ## Successful file modifications (open for write or truncate) -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&01003 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&01003 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b32 -S open -F a1&01003 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b32 -S truncate,ftruncate -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b64 -S truncate,ftruncate -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification ## Successful file modifications (open for write or truncate) -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&01003 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b64 -S open -F a1&01003 -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification -a always,exit -F arch=b64 -S truncate,ftruncate -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-modification ## These rules watch for kernel module insertion. By monitoring ## the syscall, we do not need any watches on programs. -a always,exit -F arch=b32 -S init_module,finit_module -F key=module-load -a always,exit -F arch=b64 -S init_module,finit_module -F key=module-load -a always,exit -F arch=b32 -S delete_module -F key=module-unload -a always,exit -F arch=b64 -S delete_module -F key=module-unload ## These rules watch for kernel module insertion. By monitoring ## the syscall, we do not need any watches on programs. -a always,exit -F arch=b64 -S init_module,finit_module -F key=module-load -a always,exit -F arch=b64 -S delete_module -F key=module-unload ## The purpose of these rules is to meet the requirements for Operating ## System Protection Profile (OSPP)v4.2. These rules depends on having ## the following rule files copied to /etc/audit/rules.d: ## ## 10-base-config.rules, 11-loginuid.rules, ## 30-ospp-v42-1-create-failed.rules, 30-ospp-v42-1-create-success.rules, ## 30-ospp-v42-2-modify-failed.rules, 30-ospp-v42-2-modify-success.rules, ## 30-ospp-v42-3-access-failed.rules, 30-ospp-v42-3-access-success.rules, ## 30-ospp-v42-4-delete-failed.rules, 30-ospp-v42-4-delete-success.rules, ## 30-ospp-v42-5-perm-change-failed.rules, ## 30-ospp-v42-5-perm-change-success.rules, ## 30-ospp-v42-6-owner-change-failed.rules, ## 30-ospp-v42-6-owner-change-success.rules ## ## original copies may be found in /usr/share/audit/sample-rules/ ## User add delete modify. This is covered by pam. However, someone could ## open a file and directly create or modify a user, so we'll watch passwd and ## shadow for writes -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b32 -S open -F a1&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -S open -F a1&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&03 -F path=/etc/shadow -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&03 -F path=/etc/shadow -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b32 -S open -F a1&03 -F path=/etc/shadow -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -S open -F a1&03 -F path=/etc/shadow -F auid>=1000 -F auid!=unset -F key=user-modify ## User enable and disable. This is entirely handled by pam. ## Group add delete modify. This is covered by pam. However, someone could ## open a file and directly create or modify a user, so we'll watch group and ## gshadow for writes -a always,exit -F arch=b32 -F path=/etc/passwd -F perm=wa -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -F path=/etc/passwd -F perm=wa -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b32 -F path=/etc/shadow -F perm=wa -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -F path=/etc/shadow -F perm=wa -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b32 -F path=/etc/group -F perm=wa -F auid>=1000 -F auid!=unset -F key=group-modify -a always,exit -F arch=b64 -F path=/etc/group -F perm=wa -F auid>=1000 -F auid!=unset -F key=group-modify -a always,exit -F arch=b32 -F path=/etc/gshadow -F perm=wa -F auid>=1000 -F auid!=unset -F key=group-modify -a always,exit -F arch=b64 -F path=/etc/gshadow -F perm=wa -F auid>=1000 -F auid!=unset -F key=group-modify ## Use of special rights for config changes. This would be use of setuid ## programs that relate to user accts. This is not all setuid apps because ## requirements are only for ones that affect system configuration. -a always,exit -F arch=b32 -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/sbin/usernetctl -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/usernetctl -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/newuidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/newuidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/newgidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/newgidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/sbin/grub2-set-bootflag -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/grub2-set-bootflag -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes ## Privilege escalation via su or sudo. This is entirely handled by pam. ## Special case for systemd-run. It is not audit aware, specifically watch it -a always,exit -F arch=b32 -F path=/usr/bin/systemd-run -F perm=x -F auid!=unset -F key=maybe-escalation -a always,exit -F arch=b64 -F path=/usr/bin/systemd-run -F perm=x -F auid!=unset -F key=maybe-escalation ## Special case for pkexec. It is not audit aware, specifically watch it -a always,exit -F arch=b32 -F path=/usr/bin/pkexec -F perm=x -F key=maybe-escalation -a always,exit -F arch=b64 -F path=/usr/bin/pkexec -F perm=x -F key=maybe-escalation ## Watch for configuration changes to privilege escalation. -a always,exit -F arch=b32 -F path=/etc/sudoers -F perm=wa -F key=special-config-changes -a always,exit -F arch=b64 -F path=/etc/sudoers -F perm=wa -F key=special-config-changes -a always,exit -F arch=b32 -F dir=/etc/sudoers.d/ -F perm=wa -F key=special-config-changes -a always,exit -F arch=b64 -F dir=/etc/sudoers.d/ -F perm=wa -F key=special-config-changes ## Audit log access -a always,exit -F arch=b32 -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail -a always,exit -F arch=b64 -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail ## Attempts to Alter Process and Session Initiation Information -a always,exit -F arch=b32 -F path=/var/run/utmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b64 -F path=/var/run/utmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b32 -F path=/var/log/btmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b64 -F path=/var/log/btmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b32 -F path=/var/log/wtmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b64 -F path=/var/log/wtmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session ## Attempts to modify MAC controls -a always,exit -F arch=b32 -F dir=/etc/selinux/ -F perm=wa -F auid>=1000 -F auid!=unset -F key=MAC-policy -a always,exit -F arch=b64 -F dir=/etc/selinux/ -F perm=wa -F auid>=1000 -F auid!=unset -F key=MAC-policy ## Software updates. This is entirely handled by rpm. ## System start and shutdown. This is entirely handled by systemd ## Kernel Module loading. This is handled in 43-module-load.rules ## Application invocation. The requirements list an optional requirement ## FPT_SRP_EXT.1 Software Restriction Policies. This event is intended to ## state results from that policy. This would be handled entirely by ## that daemon. ## The purpose of these rules is to meet the requirements for Operating ## System Protection Profile (OSPP)v4.2. These rules depends on having ## the following rule files copied to /etc/audit/rules.d: ## ## 10-base-config.rules, 11-loginuid.rules, ## 30-ospp-v42-1-create-failed.rules, 30-ospp-v42-1-create-success.rules, ## 30-ospp-v42-2-modify-failed.rules, 30-ospp-v42-2-modify-success.rules, ## 30-ospp-v42-3-access-failed.rules, 30-ospp-v42-3-access-success.rules, ## 30-ospp-v42-4-delete-failed.rules, 30-ospp-v42-4-delete-success.rules, ## 30-ospp-v42-5-perm-change-failed.rules, ## 30-ospp-v42-5-perm-change-success.rules, ## 30-ospp-v42-6-owner-change-failed.rules, ## 30-ospp-v42-6-owner-change-success.rules ## ## original copies may be found in /usr/share/audit/sample-rules/ ## User add delete modify. This is covered by pam. However, someone could ## open a file and directly create or modify a user, so we'll watch passwd and ## shadow for writes -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b32 -S open -F a1&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b32 -S openat,open_by_handle_at -F a2&03 -F path=/etc/shadow -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&03 -F path=/etc/shadow -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b32 -S open -F a1&03 -F path=/etc/shadow -F auid>=1000 -F auid!=unset -F key=user-modify ## User enable and disable. This is entirely handled by pam. ## Group add delete modify. This is covered by pam. However, someone could ## open a file and directly create or modify a user, so we'll watch group and ## gshadow for writes -a always,exit -F arch=b32 -F path=/etc/passwd -F perm=wa -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -F path=/etc/passwd -F perm=wa -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b32 -F path=/etc/shadow -F perm=wa -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -F path=/etc/shadow -F perm=wa -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b32 -F path=/etc/group -F perm=wa -F auid>=1000 -F auid!=unset -F key=group-modify -a always,exit -F arch=b64 -F path=/etc/group -F perm=wa -F auid>=1000 -F auid!=unset -F key=group-modify -a always,exit -F arch=b32 -F path=/etc/gshadow -F perm=wa -F auid>=1000 -F auid!=unset -F key=group-modify -a always,exit -F arch=b64 -F path=/etc/gshadow -F perm=wa -F auid>=1000 -F auid!=unset -F key=group-modify ## Use of special rights for config changes. This would be use of setuid ## programs that relate to user accts. This is not all setuid apps because ## requirements are only for ones that affect system configuration. -a always,exit -F arch=b32 -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/sbin/usernetctl -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/usernetctl -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/newuidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/newuidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/newgidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/newgidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b32 -F path=/usr/sbin/grub2-set-bootflag -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/grub2-set-bootflag -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes ## Privilege escalation via su or sudo. This is entirely handled by pam. ## Special case for systemd-run. It is not audit aware, specifically watch it -a always,exit -F arch=b32 -F path=/usr/bin/systemd-run -F perm=x -F auid!=unset -F key=maybe-escalation -a always,exit -F arch=b64 -F path=/usr/bin/systemd-run -F perm=x -F auid!=unset -F key=maybe-escalation ## Special case for pkexec. It is not audit aware, specifically watch it -a always,exit -F arch=b32 -F path=/usr/bin/pkexec -F perm=x -F key=maybe-escalation -a always,exit -F arch=b64 -F path=/usr/bin/pkexec -F perm=x -F key=maybe-escalation ## Watch for configuration changes to privilege escalation. -a always,exit -F arch=b32 -F path=/etc/sudoers -F perm=wa -F key=special-config-changes -a always,exit -F arch=b64 -F path=/etc/sudoers -F perm=wa -F key=special-config-changes -a always,exit -F arch=b32 -F dir=/etc/sudoers.d/ -F perm=wa -F key=special-config-changes -a always,exit -F arch=b64 -F dir=/etc/sudoers.d/ -F perm=wa -F key=special-config-changes ## Audit log access -a always,exit -F arch=b32 -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail -a always,exit -F arch=b64 -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail ## Attempts to Alter Process and Session Initiation Information -a always,exit -F arch=b32 -F path=/var/run/utmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b64 -F path=/var/run/utmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b32 -F path=/var/log/btmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b64 -F path=/var/log/btmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b32 -F path=/var/log/wtmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b64 -F path=/var/log/wtmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session ## Attempts to modify MAC controls -a always,exit -F arch=b32 -F dir=/etc/selinux/ -F perm=wa -F auid>=1000 -F auid!=unset -F key=MAC-policy -a always,exit -F arch=b64 -F dir=/etc/selinux/ -F perm=wa -F auid>=1000 -F auid!=unset -F key=MAC-policy ## Software updates. This is entirely handled by rpm. ## System start and shutdown. This is entirely handled by systemd ## Kernel Module loading. This is handled in 43-module-load.rules ## Application invocation. The requirements list an optional requirement ## FPT_SRP_EXT.1 Software Restriction Policies. This event is intended to ## state results from that policy. This would be handled entirely by ## that daemon. ## The purpose of these rules is to meet the requirements for Operating ## System Protection Profile (OSPP)v4.2. These rules depends on having ## the following rule files copied to /etc/audit/rules.d: ## ## 10-base-config.rules, 11-loginuid.rules, ## 30-ospp-v42-1-create-failed.rules, 30-ospp-v42-1-create-success.rules, ## 30-ospp-v42-2-modify-failed.rules, 30-ospp-v42-2-modify-success.rules, ## 30-ospp-v42-3-access-failed.rules, 30-ospp-v42-3-access-success.rules, ## 30-ospp-v42-4-delete-failed.rules, 30-ospp-v42-4-delete-success.rules, ## 30-ospp-v42-5-perm-change-failed.rules, ## 30-ospp-v42-5-perm-change-success.rules, ## 30-ospp-v42-6-owner-change-failed.rules, ## 30-ospp-v42-6-owner-change-success.rules ## ## original copies may be found in /usr/share/audit/sample-rules/ ## User add delete modify. This is covered by pam. However, someone could ## open a file and directly create or modify a user, so we'll watch passwd and ## shadow for writes -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -S open -F a1&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -S openat,open_by_handle_at -F a2&03 -F path=/etc/shadow -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -S open -F a1&03 -F path=/etc/shadow -F auid>=1000 -F auid!=unset -F key=user-modify ## User enable and disable. This is entirely handled by pam. ## Group add delete modify. This is covered by pam. However, someone could ## open a file and directly create or modify a user, so we'll watch group and ## gshadow for writes -a always,exit -F arch=b64 -F path=/etc/passwd -F perm=wa -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -F path=/etc/shadow -F perm=wa -F auid>=1000 -F auid!=unset -F key=user-modify -a always,exit -F arch=b64 -F path=/etc/group -F perm=wa -F auid>=1000 -F auid!=unset -F key=group-modify -a always,exit -F arch=b64 -F path=/etc/gshadow -F perm=wa -F auid>=1000 -F auid!=unset -F key=group-modify ## Use of special rights for config changes. This would be use of setuid ## programs that relate to user accts. This is not all setuid apps because ## requirements are only for ones that affect system configuration. -a always,exit -F arch=b64 -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/usernetctl -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/newuidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/newgidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes -a always,exit -F arch=b64 -F path=/usr/sbin/grub2-set-bootflag -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes ## Privilege escalation via su or sudo. This is entirely handled by pam. ## Special case for systemd-run. It is not audit aware, specifically watch it -a always,exit -F arch=b64 -F path=/usr/bin/systemd-run -F perm=x -F auid!=unset -F key=maybe-escalation ## Special case for pkexec. It is not audit aware, specifically watch it -a always,exit -F arch=b64 -F path=/usr/bin/pkexec -F perm=x -F key=maybe-escalation ## Watch for configuration changes to privilege escalation. -a always,exit -F arch=b64 -F path=/etc/sudoers -F perm=wa -F key=special-config-changes -a always,exit -F arch=b64 -F dir=/etc/sudoers.d/ -F perm=wa -F key=special-config-changes ## Audit log access -a always,exit -F arch=b64 -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail ## Attempts to Alter Process and Session Initiation Information -a always,exit -F arch=b64 -F path=/var/run/utmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b64 -F path=/var/log/btmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session -a always,exit -F arch=b64 -F path=/var/log/wtmp -F perm=wa -F auid>=1000 -F auid!=unset -F key=session ## Attempts to modify MAC controls -a always,exit -F arch=b64 -F dir=/etc/selinux/ -F perm=wa -F auid>=1000 -F auid!=unset -F key=MAC-policy ## Software updates. This is entirely handled by rpm. ## System start and shutdown. This is entirely handled by systemd ## Kernel Module loading. This is handled in 43-module-load.rules ## Application invocation. The requirements list an optional requirement ## FPT_SRP_EXT.1 Software Restriction Policies. This event is intended to ## state results from that policy. This would be handled entirely by ## that daemon. ## Unsuccessful ownership change -a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-owner-change -a always,exit -F arch=b64 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-owner-change -a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-owner-change -a always,exit -F arch=b64 -S lchown,fchown,chown,fchownat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-owner-change ## Unsuccessful ownership change -a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-owner-change -a always,exit -F arch=b64 -S fchown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-owner-change -a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-owner-change -a always,exit -F arch=b64 -S fchown,fchownat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-owner-change ## Unsuccessful ownership change -a always,exit -F arch=b64 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-owner-change -a always,exit -F arch=b64 -S lchown,fchown,chown,fchownat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-owner-change ## Successful ownership change -a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-owner-change -a always,exit -F arch=b64 -S lchown,fchown,chown,fchownat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-owner-change ## Successful ownership change -a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-owner-change -a always,exit -F arch=b64 -S fchown,fchownat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-owner-change ## Successful ownership change -a always,exit -F arch=b64 -S lchown,fchown,chown,fchownat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-owner-change ## Unsuccessful permission change -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-perm-change -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-perm-change -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-perm-change -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-perm-change ## Unsuccessful permission change -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-perm-change -a always,exit -F arch=b64 -S fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-perm-change -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-perm-change -a always,exit -F arch=b64 -S fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-perm-change ## Unsuccessful permission change -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-perm-change -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-perm-change ## Successful permission change -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-perm-change -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-perm-change ## Successful permission change -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-perm-change -a always,exit -F arch=b64 -S fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-perm-change ## Successful permission change -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-perm-change ^yes$ ^out$ ^/sbin/audisp-remote$ ^always$ ^(?i)yes(?-i)$ ^(?i)ENRICHED(?-i)$ ^(?i)yes(?-i)$ ^1 -1$ ^LinuxAudit$ ^0$ ^0$ ^none$ ^none$ ^(?:.*\s)?audit_backlog_limit=8192(?:\s.*)?$ ^(?:.*\s)?audit_backlog_limit=8192(?:\s.*)?$ ^(?:.*\s)?audit_backlog_limit=8192(?:\s.*)?$ ^(?:.*\s)?audit=1(?:\s.*)?$ ^(?:.*\s)?audit=1(?:\s.*)?$ ^(?:.*\s)?audit=1(?:\s.*)?$ ^(?:.*\s)?systemd.confirm_spawn=(?:1|yes|true|on)(?:\s.*)?$ ^(?:.*\s)?systemd.confirm_spawn=(?:1|yes|true|on)(?:\s.*)?$ ^(?:.*\s)?systemd.confirm_spawn=(?:1|yes|true|on)(?:\s.*)?$ ^(?:.*\s)?selinux=0(?:\s.*)?$ ^(?:.*\s)?selinux=0(?:\s.*)?$ ^(?:.*\s)?selinux=0(?:\s.*)?$ ^(?:.*\s)?nousb(?:\s.*)?$ ^(?:.*\s)?nousb(?:\s.*)?$ ^(?:.*\s)?nousb(?:\s.*)?$ ^(?:.*\s)?page_poison=1(?:\s.*)?$ ^(?:.*\s)?page_poison=1(?:\s.*)?$ ^(?:.*\s)?page_poison=1(?:\s.*)?$ ^(?:.*\s)?pti=on(?:\s.*)?$ ^(?:.*\s)?pti=on(?:\s.*)?$ ^(?:.*\s)?pti=on(?:\s.*)?$ ^(?:.*\s)?slub_debug=P(?:\s.*)?$ ^(?:.*\s)?slub_debug=P(?:\s.*)?$ ^(?:.*\s)?slub_debug=P(?:\s.*)?$ ^(?:.*\s)?vsyscall=none(?:\s.*)?$ ^(?:.*\s)?vsyscall=none(?:\s.*)?$ ^(?:.*\s)?vsyscall=none(?:\s.*)?$ ^true$ ^'lock-screen'$ symbolic link symbolic link false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false symbolic link false false false false false false false symbolic link false false false false false symbolic link false false false false false false false false false symbolic link ^no$ ^no$ false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false false false false false false false false false false false false false false false false false false false false false false symbolic link false false false false false false false false false false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false symbolic link true false false false false true false false true false false false symbolic link false false false false false false false false false false false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false false symbolic link false false false false false false false false symbolic link false false false false false false false symbolic link ^nftables$ ^(?:.*\s)?audit=1(?:\s.*)?$ ^(?:.*\s)?iommu=force(?:\s.*)?$ ^(?:.*\s)?init_on_alloc=1(?:\s.*)?$ ^(?:.*\s)?init_on_free=1(?:\s.*)?$ ^(?:.*\s)?ipv6\.disable=1(?:\s.*)?$ ^(?:.*\s)?mce=0(?:\s.*)?$ ^(?:.*\s)?nousb(?:\s.*)?$ ^(?:.*\s)?page_alloc\.shuffle=1(?:\s.*)?$ ^(?:.*\s)?page_poison=1(?:\s.*)?$ ^(?:.*\s)?pti=on(?:\s.*)?$ ^(?:.*\s)?slab_nomerge=yes(?:\s.*)?$ ^(?:.*\s)?spectre_v2=on(?:\s.*)?$ ^(?:.*\s)?vsyscall=none(?:\s.*)?$ ^yes$ ^no$ ^yes$ ^persistent$ n y n y y n n y n y y y y n y y y y y y y n n n n n n n y n n y y y y y y y y y n y y y y y y y y y n y y y n y y y y y y y y n nosuid 1 nosuid noauto 1 noauto nodev 1 nodev noexec 1 noexec nosuid 1 nosuid nodev 1 nodev noexec 1 noexec nosuid 1 nosuid grpquota 1 grpquota nodev 1 nodev noexec 1 noexec nosuid 1 nosuid usrquota 1 usrquota ^.*sec=krb5:krb5i:krb5p.*$ ^.*nodev.*$ ^.*,?nodev,?.*$ ^.*,?nodev,?.* ^.*noexec.*$ ^.*,?noexec,?.*$ ^.*,?noexec,?.* ^.*nosuid.*$ ^.*,?nosuid,?.*$ ^.*,?nosuid,?.* nosuid 1 nosuid 1 nosuid 1 nosuid nodev 1 nodev noexec 1 noexec nosuid 1 nosuid nodev 1 nodev noexec 1 noexec nosuid 1 nosuid nodev 1 nodev noexec 1 noexec nosuid 1 nosuid nodev 1 nodev noexec 1 noexec nosuid 1 nosuid nodev 1 nodev noexec 1 noexec nosuid 1 nosuid ^none|default$ ^none|default$ chronyd 0:2.17-55.0.4.el7_0.3 iptables iptables nftables 0:1.4.0-11 0:1.4.0-11 systemd-timesyncd systemd-timesyncd ufw ufw false false false false false false false false false symbolic link ^history.log.*$ ^eipp.log.xz.*$ ^[bw]tmp$ ^[bw]tmp..*$ ^[bw]tmp-.*$ ^lastlog$ ^lastlog..*$ (?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+|\/dev\/.*) regular (?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+|\/dev\/.*) regular (?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+|\/dev\/.*) regular false false false false false false false false false abrt_anon_write abrt_handle_event abrt_upload_watch_anon_write antivirus_can_scan_system antivirus_use_jit auditadm_exec_content authlogin_nsswitch_use_ldap authlogin_radius authlogin_yubikey awstats_purge_apache_log_files boinc_execmem cdrecord_read_content cluster_can_network_connect cluster_manage_all_files cluster_use_execmem cobbler_anon_write cobbler_can_network_connect cobbler_use_cifs cobbler_use_nfs collectd_tcp_network_connect condor_tcp_network_connect conman_can_network container_connect_any cron_can_relabel cron_system_cronjob_use_shares cron_userdomain_transition cups_execmem cvs_read_shadow daemons_dump_core daemons_enable_cluster_mode daemons_use_tcp_wrapper daemons_use_tty dbadm_exec_content dbadm_manage_user_files dbadm_read_user_files deny_execmem deny_ptrace dhcpc_exec_iptables dhcpd_use_ldap domain_fd_use domain_kernel_load_modules entropyd_use_audio exim_can_connect_db exim_manage_user_files exim_read_user_files fcron_crond fenced_can_network_connect fenced_can_ssh fips_mode ftpd_anon_write ftpd_connect_all_unreserved ftpd_connect_db ftpd_full_access ftpd_use_cifs ftpd_use_fusefs ftpd_use_nfs ftpd_use_passive_mode git_cgi_enable_homedirs git_cgi_use_cifs git_cgi_use_nfs git_session_bind_all_unreserved_ports git_session_users git_system_enable_homedirs git_system_use_cifs git_system_use_nfs gitosis_can_sendmail glance_api_can_network glance_use_execmem glance_use_fusefs global_ssp gluster_anon_write gluster_export_all_ro gluster_export_all_rw gpg_web_anon_write gssd_read_tmp guest_exec_content haproxy_connect_any httpd_anon_write httpd_builtin_scripting httpd_can_check_spam httpd_can_connect_ftp httpd_can_connect_ldap httpd_can_connect_mythtv httpd_can_connect_zabbix httpd_can_network_connect httpd_can_network_connect_cobbler httpd_can_network_connect_db httpd_can_network_memcache httpd_can_network_relay httpd_can_sendmail httpd_dbus_avahi httpd_dbus_sssd httpd_dontaudit_search_dirs httpd_enable_cgi httpd_enable_ftp_server httpd_enable_homedirs httpd_execmem httpd_graceful_shutdown httpd_manage_ipa httpd_mod_auth_ntlm_winbind httpd_mod_auth_pam httpd_read_user_content httpd_run_ipa httpd_run_preupgrade httpd_run_stickshift httpd_serve_cobbler_files httpd_setrlimit httpd_ssi_exec httpd_sys_script_anon_write httpd_tmp_exec httpd_tty_comm httpd_unified httpd_use_cifs httpd_use_fusefs httpd_use_gpg httpd_use_nfs httpd_use_openstack httpd_use_sasl httpd_verify_dns icecast_use_any_tcp_ports irc_use_any_tcp_ports irssi_use_full_network kdumpgui_run_bootloader kerberos_enabled ksmtuned_use_cifs ksmtuned_use_nfs logadm_exec_content logging_syslogd_can_sendmail logging_syslogd_run_nagios_plugins logging_syslogd_use_tty login_console_enabled logrotate_use_nfs logwatch_can_network_connect_mail lsmd_plugin_connect_any mailman_use_fusefs mcelog_client mcelog_exec_scripts mcelog_foreground mcelog_server minidlna_read_generic_user_content mmap_low_allowed mock_enable_homedirs mount_anyfile mozilla_plugin_bind_unreserved_ports mozilla_plugin_can_network_connect mozilla_plugin_use_bluejeans mozilla_plugin_use_gps mozilla_plugin_use_spice mozilla_read_content mpd_enable_homedirs mpd_use_cifs mpd_use_nfs mplayer_execstack mysql_connect_any nagios_run_pnp4nagios nagios_run_sudo named_tcp_bind_http_port named_write_master_zones neutron_can_network nfs_export_all_ro nfs_export_all_rw nfsd_anon_write nis_enabled nscd_use_shm openshift_use_nfs openvpn_can_network_connect openvpn_enable_homedirs openvpn_run_unconfined pcp_bind_all_unreserved_ports pcp_read_generic_logs piranha_lvs_can_network_connect polipo_connect_all_unreserved polipo_session_bind_all_unreserved_ports polipo_session_users polipo_use_cifs polipo_use_nfs polyinstantiation_enabled postfix_local_write_mail_spool postgresql_can_rsync postgresql_selinux_transmit_client_label postgresql_selinux_unconfined_dbadm postgresql_selinux_users_ddl pppd_can_insmod pppd_for_user privoxy_connect_any prosody_bind_http_port puppetagent_manage_all_files puppetmaster_use_db racoon_read_shadow rsync_anon_write rsync_client rsync_export_all_ro rsync_full_access samba_create_home_dirs samba_domain_controller samba_enable_home_dirs samba_export_all_ro samba_export_all_rw samba_load_libgfapi samba_portmapper samba_run_unconfined samba_share_fusefs samba_share_nfs sanlock_use_fusefs sanlock_use_nfs sanlock_use_samba saslauthd_read_shadow secadm_exec_content secure_mode secure_mode_insmod secure_mode_policyload selinuxuser_direct_dri_enabled selinuxuser_execheap selinuxuser_execmod selinuxuser_execstack selinuxuser_mysql_connect_enabled selinuxuser_ping selinuxuser_postgresql_connect_enabled selinuxuser_rw_noexattrfile selinuxuser_share_music selinuxuser_tcp_server selinuxuser_udp_server selinuxuser_use_ssh_chroot sge_domain_can_network_connect sge_use_nfs smartmon_3ware smbd_anon_write spamassassin_can_network spamd_enable_home_dirs squid_connect_any squid_use_tproxy ssh_chroot_rw_homedirs ssh_keysign ssh_sysadm_login staff_exec_content staff_use_svirt swift_can_network sysadm_exec_content telepathy_connect_all_ports telepathy_tcp_connect_generic_network_ports tftp_anon_write tftp_home_dir tmpreaper_use_nfs tmpreaper_use_samba tor_bind_all_unreserved_ports tor_can_network_relay unconfined_chrome_sandbox_transition unconfined_login unconfined_mozilla_plugin_transition unprivuser_use_svirt use_ecryptfs_home_dirs use_fusefs_home_dirs use_lpd_server use_nfs_home_dirs use_samba_home_dirs user_exec_content varnishd_connect_any virt_read_qemu_ga_data virt_rw_qemu_ga_data virt_sandbox_use_all_caps virt_sandbox_use_audit virt_sandbox_use_mknod virt_sandbox_use_netlink virt_sandbox_use_sys_admin virt_transition_userdomain virt_use_comm virt_use_execmem virt_use_fusefs virt_use_nfs virt_use_rawip virt_use_samba virt_use_sanlock virt_use_usb virt_use_xserver webadm_manage_user_files webadm_read_user_files wine_mmap_zero_ignore xdm_bind_vnc_tcp_port xdm_exec_bootloader xdm_sysadm_login xdm_write_home xen_use_nfs xend_run_blktap xend_run_qemu xguest_connect_network xguest_exec_content xguest_mount_media xguest_use_bluetooth xserver_clients_write_xshm xserver_execmem xserver_object_manager zabbix_can_network zarafa_setrlimit zebra_write_config zoneminder_anon_write zoneminder_run_sudo SuSEfirewall2.service SuSEfirewall2.socket active inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found auditd.service auditd.socket active inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found chronyd inactive|failed masked not-found chrony.service chrony.socket active chronyd inactive|failed masked not-found inactive|failed masked not-found cron.service cron.socket active crond.service crond.socket active inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found docker.service docker.socket active inactive|failed masked not-found fapolicyd.service fapolicyd.socket active inactive|failed masked not-found firewalld.service firewalld.socket active inactive|failed masked not-found ip6tables.service ip6tables.socket active iptables.service iptables.socket active inactive|failed masked not-found inactive|failed masked not-found nails.service nails.socket active inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found nftables.service nftables.socket active inactive|failed masked not-found ntp.service ntp.socket active ntpd.service ntpd.socket active inactive|failed masked not-found inactive|failed masked not-found pcscd.service pcscd.socket active inactive|failed masked not-found postfix.service postfix.socket active psacct.service psacct.socket active inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found rngd.service rngd.socket active inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found rsyslog.service rsyslog.socket active inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found ssh.service ssh.socket active sssd.service sssd.socket active inactive|failed masked not-found syslog-ng.service syslog-ng.socket active inactive|failed masked not-found masked systemd-journal-upload.service systemd-journal-upload.socket active systemd-journald.service systemd-journald.socket active inactive|failed masked not-found inactive|failed masked not-found systemd-timesyncd inactive|failed masked not-found systemd-timesyncd.service systemd-timesyncd.socket active systemd-timesyncd ufw.service ufw.socket active ufw usbguard.service usbguard.socket active inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found inactive|failed masked not-found masked ^2$ ^2$ ^no$ ^no$ ^yes$ ^yes$ ^no$ ^no$ ^no$ ^no$ ^no$ ^no$ ^yes$ ^yes$ ^no$ ^no$ ^no$ ^no$ ^prohibit-password$ ^prohibit-password$ ^no$ ^no$ ^yes$ ^yes$ ^no$ ^no$ ^no$ ^no$ ^yes$ ^yes$ ^yes$ ^yes$ ^yes$ ^yes$ ^yes$ ^yes$ ^/etc/issue$ ^/etc/issue$ ^/etc/issue.net$ ^/etc/issue.net$ ^yes$ ^yes$ ^yes$ ^yes$ ^0$ ^0$ ^INFO$ ^INFO$ ^VERBOSE$ ^VERBOSE$ ^32$ ^yes$ ^yes$ false false false false false false false false false symbolic link 2 2 1 1 2 2 1 1 0 0 |/bin/false |/bin/false 0 0 1 1 1 1 1 1 1 1 1 1 1 1 2 2 65536 65536 2 2 0 0 1 1 1 2 1 2 1 1 2 2 0 0 1 1 0 0 0 0 0 0 0 0 32768\s*65535 32768\s*65535 1 1 1 1 0 0 0 0 65536 65536 tmp.mount active dnf-automatic.timer active logrotate.timer active ^(?:.*\s)?audit=1(?:\s.*)?$ ^(?:.*\s)?audit=1(?:\s.*)?$ ^(?:.*\s)?audit_backlog_limit=8192(?:\s.*)?$ ^(?:.*\s)?audit_backlog_limit=8192(?:\s.*)?$ ^(?:.*\s)?init_on_alloc=1(?:\s.*)?$ ^(?:.*\s)?init_on_alloc=1(?:\s.*)?$ ^(?:.*\s)?page_alloc\.shuffle=1(?:\s.*)?$ ^(?:.*\s)?page_alloc\.shuffle=1(?:\s.*)?$ ^(?:.*\s)?page_poison=1(?:\s.*)?$ ^(?:.*\s)?page_poison=1(?:\s.*)?$ ^(?:.*\s)?slub_debug=P(?:\s.*)?$ ^(?:.*\s)?slub_debug=P(?:\s.*)?$ ^(?:.*\s)?vsyscall=none(?:\s.*)?$ ^(?:.*\s)?vsyscall=none(?:\s.*)?$ /ostree symbolic link ^(true|"true")$ amzn 2023 ^23.*$ centos 10 centos 8 centos 9 ^10.*$ ol ^10.*$ ^7.*$ ^8.*$ ^9.*$ ^22\.03.*$ openSUSE-release ^15.*$ ^16.*$ unix rhcos coreos ^9\. 4 9 rhel unix ^10.*$ 10 unix ^8\.\d{1,2}$ ^8.0*$ ^8.1*$ ^8.2*$ ^8.3*$ ^8.4*$ ^8.5*$ ^8.6*$ ^8.7*$ ^8.8*$ ^8.9*$ ^8.10*$ 8 unix ^9.*$ 9 0:4.4 unix ^12.*$ ^12.*$ ^12.*$ unix ^15.*$ ^15.*$ ^15.*$ ^4.*$ ^15.*$ unix ^16.*$ ^16.*$ ^16.*$ unix ^5.*$ ^5.*$ unix ^6.*$ ^4.*$ bwrap-osbuild 1 2 0 0:7.4 aarch64 ppc64 ppc64le s390x i686 x86_64 true /dev/cdrom ^[\s]*-a always,exit (?:-F path=([\S]+))+(?: -F perm=x)? -F auid>=1000 -F auid!=(?:4294967295|unset)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?i) (?i) (?i) (?i) (?i) ^(?:server)[[:space:]] $ ^(?:pool)[[:space:]] $ ^[[:space:]]*(NTP|FallbackNTP)[[:space:]]*=[[:space:]]* .*$ ^[\s]*RekeyLimit[\s]+ [\s]+ [\s]*$ ^(dmz|external|home|internal|public|trusted|work)\.xml$ ^ [\s]+ [\s]*$ ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so ^[\s]*auth[\s]+(?:required|requisite)[\s]+pam_faillock.so[^\n#]preauth[^\n#]*audit ^[ \t]*password[ \t]+(?:(?:sufficient)|(?:required)|(?:requisite)|(?:\[.*\]))[ \t]+pam_pwhistory\.so.*$ ^\s*password\s+(?: )\s+pam_pwhistory\.so.*$ ^\s*password\b.*\bpam_pwhistory\.so\b.*\bremember=([0-9]*).*$ ^\s*remember\s*=\s*([0-9]+) ^\s*password\s+(?: )\s+pam_pwhistory\.so.*$ ^\s*password\b.*\bpam_pwhistory\.so\b.*\bremember=([0-9]*).*$ ^\s*remember\s*=\s*([0-9]+) ^\s*password\s+(?:(?:requisite)|(?:required))\s+pam_pwhistory\.so.*$ ^\s*password\b.*\bpam_pwhistory\.so\b.*\bremember=([0-9]*).*$ ^\s*remember\s*=\s*([0-9]+) ^\s*auth.*pam_unix\.so ^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^ ]*audit ^[\s]*audit ^[\s]*auth\N+pam_unix\.so ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*even_deny_root ^[\s]*even_deny_root dir\s*=\s*(\S+|"[^"]+) ^[\s]*auth[\s]+(?:required|requisite) [\s]+pam_faillock.so[^\n#]* ^[\s]* ^\s*auth\N+pam_unix\.so ^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ ^[\s]*auth\N+pam_unix\.so ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so ^[\s]*local_users_only ^\s*auth.*pam_unix\.so ^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^ ]*silent ^[\s]*silent ^\s*auth\N+pam_unix\.so ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*unlock_time=([0-9]+) ^[\s]*unlock_time[\s]*=[\s]*([0-9]+) ^ $ \nauth[\s]+required[\s]+pam_env.so (\nauth[\s]+required[\s]+pam_faildelay.so[\s]+delay=2000000)? \nauth[\s]+\[success=1[\s]default=ignore\][\s]pam_succeed_if.so[\s]service[\s]notin[\s] login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver[\s]quiet[\s]use_uid \nauth[\s]+\[success=done[\s]authinfo_unavail=ignore[\s]ignore=ignore[\s]default=die\][\s] pam_pkcs11.so[\s]nodebug\n \nauth[\s]+required[\s]+pam_env.so (\nauth[\s]+required[\s]+pam_faildelay.so[\s]+delay=2000000)? \nauth[\s]+\[success=1[\s]default=ignore\][\s]pam_succeed_if.so[\s]service[\s]notin[\s] login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver[\s]quiet[\s]use_uid \nauth[\s]+\[success=done[\s]ignore=ignore[\s]default=die\][\s] pam_pkcs11.so[\s]nodebug[\s]wait_for_card\n \nauth[\s]+required[\s]+pam_env.so.* \nauth[\s]+\[success=done[\s]ignore=ignore[\s]default=die\][\s] pam_pkcs11.so[\s]nodebug[\s]wait_for_card\n.* \npassword[\s]+required[\s]+pam_pkcs11.so\n ^.*:.*:.*: :.*:.*:.*$ 86400 0 -1 ^ :[^:]+:[0-9]+:.*$ ^(?: ):(?:[^:]*:){5}([^:]+)$ ^(?: ):(?:[^:]*:){4}([^:]+):[^:]*$ ^(?: :)(?:[^:]*:){2}([^:]+):(?:[^:]*:){2}[^:]*$ ^[^#]* ^(?: ):(?:[^:]*:){4}([^:]+):[^:]*$ ^(?: :)(?:[^:]*:)([^:]+):(?:[^:]*:){3}[^:]*$ ^(?: ):(?:[^:]*:){4}([^:]+):[^:]*$ ^(?: ):(?:[^:]*:){4}([^:]+):[^:]*$ ^(?: :)(?:[^:]*:){2}([^:]+):(?:[^:]*:){2}[^:]*$ ^(?: ):(?:[^:]*:){4}([^:]+):[^:]*$ ^(?: :)(?:[^:]*:)([^:]+):(?:[^:]*:){3}[^:]*$ ^(?: ):(?:[^:]*:){4}([^:]+):[^:]*$ ^(?: ):(?:[^:]*:){4}([^:]+):[^:]*$ ^(?: :)(?:[^:]*:){2}([^:]+):(?:[^:]*:){2}[^:]*$ ^(?: ):(?:[^:]*:){4}([^:]+):[^:]*$ ^(?: :)(?:[^:]*:)([^:]+):(?:[^:]*:){3}[^:]*$ ^(?: ):(?:[^:]*:){4}([^:]+):[^:]*$ 64 8 64 8 64 8 64 8 ^(?: ):(?:[^:]*:){4}([^:]+):[^:]*$ /boot/config- 64 8 .xml .xml ^[^:]+:[^:]*:( ):$ ^[^:]*:[^:]*: :(\d+):.*$ 64 8 /dev/mapper/ Ciphers MACs / ^ :x:(\d+):.*$ ^\s*auth\N+pam_unix\.so ^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+) ^[\s]*deny[\s]*=[\s]*([0-9]+) ^\s*auth\N+pam_unix\.so ^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*fail_interval=([0-9]+) ^[\s]*fail_interval[\s]*=[\s]*([0-9]+) ^\s*auth\N+pam_unix\.so ^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*root_unlock_time=([0-9]+) ^[\s]*root_unlock_time[\s]*=[\s]*([0-9]+) ^\s*auth\N+pam_unix\.so ^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*unlock_time=([0-9]+) ^[\s]*unlock_time[\s]*=[\s]*([0-9]+) ^\-w[\s]+ \/etc\/cron.d\/ [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+(?:-F[\s]+a1&03)[\s]+(?:-F[\s]+path=/etc/group)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+(?:-F[\s]+a1&03)[\s]+(?:-F[\s]+path=/etc/group)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/group)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/group)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/group)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/group)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+(?:-F[\s]+a1&03)[\s]+(?:-F[\s]+path=/etc/gshadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+(?:-F[\s]+a1&03)[\s]+(?:-F[\s]+path=/etc/gshadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/gshadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/gshadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/gshadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/gshadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+(?:-F[\s]+a1&03)[\s]+(?:-F[\s]+path=/etc/passwd)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+(?:-F[\s]+a1&03)[\s]+(?:-F[\s]+path=/etc/passwd)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/passwd)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/passwd)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/passwd)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/passwd)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+(?:-F[\s]+a1&03)[\s]+(?:-F[\s]+path=/etc/shadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+(?:-F[\s]+a1&03)[\s]+(?:-F[\s]+path=/etc/shadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/shadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/shadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/shadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+(?:-F[\s]+a2&03)[\s]+(?:-F[\s]+path=/etc/shadow)[\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ ^\-w[\s]+ [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/var\/log\/faillog [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/var\/log\/lastlog [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/var\/log\/tallylog [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/apparmor [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/apparmor.d [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/selinux\/ [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/usr\/share\/selinux\/ [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/hosts [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/issue [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/issue.net [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/NetworkManager\/system-connections\/ [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/sysconfig\/network [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/hostname [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/sysconfig\/network-scripts [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/NetworkManager [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/var\/log\/btmp [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/var\/run\/utmp [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/var\/log\/wtmp [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/sudoers [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/sudoers.d\/ [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/localtime [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+chmod[\s]+|([\s]+|[,])chmod([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+chmod[\s]+|([\s]+|[,])chmod([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+chown[\s]+|([\s]+|[,])chown([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+chown[\s]+|([\s]+|[,])chown([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+creat[\s]+|([\s]+|[,])creat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+creat[\s]+|([\s]+|[,])creat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchmod[\s]+|([\s]+|[,])fchmod([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchmod[\s]+|([\s]+|[,])fchmod([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchmodat[\s]+|([\s]+|[,])fchmodat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchmodat[\s]+|([\s]+|[,])fchmodat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchown[\s]+|([\s]+|[,])fchown([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchown[\s]+|([\s]+|[,])fchown([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fchownat[\s]+|([\s]+|[,])fchownat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fchownat[\s]+|([\s]+|[,])fchownat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fremovexattr[\s]+|([\s]+|[,])fremovexattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fremovexattr[\s]+|([\s]+|[,])fremovexattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+fsetxattr[\s]+|([\s]+|[,])fsetxattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+fsetxattr[\s]+|([\s]+|[,])fsetxattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+ftruncate[\s]+|([\s]+|[,])ftruncate([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+ftruncate[\s]+|([\s]+|[,])ftruncate([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lchown[\s]+|([\s]+|[,])lchown([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lchown[\s]+|([\s]+|[,])lchown([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lremovexattr[\s]+|([\s]+|[,])lremovexattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lremovexattr[\s]+|([\s]+|[,])lremovexattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+lsetxattr[\s]+|([\s]+|[,])lsetxattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+lsetxattr[\s]+|([\s]+|[,])lsetxattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+open[\s]+|([\s]+|[,])open([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+open[\s]+|([\s]+|[,])open([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+open_by_handle_at[\s]+|([\s]+|[,])open_by_handle_at([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+open_by_handle_at[\s]+|([\s]+|[,])open_by_handle_at([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+ [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:[^.]|\.\s)* (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+ [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:[^.]|\.\s)* (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open_by_handle_at)(?:,[\S]+)*)[\s]+ [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(?:unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+exit=-EACCES) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+exit=-EPERM) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+exit=-EACCES) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+exit=-EPERM) ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+ [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:[^.]|\.\s)* (?:-F\s+a1&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a1&0100)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a1&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a1&0100)[\s]+(?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+ [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:[^.]|\.\s)* (?:-F\s+a1&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a1&01003)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a1&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a1&01003)[\s]+(?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(open)(?:,[\S]+)*)[\s]+ [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(?:unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+a1&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a1&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+exit=-EACCES) (?:-F\s+a1&0100)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a1&01003)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+exit=-EPERM) (?:-F\s+a1&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a1&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+exit=-EACCES) (?:-F\s+a1&0100)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a1&01003)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+exit=-EPERM) ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+openat[\s]+|([\s]+|[,])openat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+openat[\s]+|([\s]+|[,])openat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+ [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:[^.]|\.\s)* (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+ [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:[^.]|\.\s)* (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:-S[\s]+(?:[\S]+,)*(openat)(?:,[\S]+)*)[\s]+ [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(?:unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+exit=-EACCES) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+exit=-EPERM) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EACCES) (?:-F\s+exit=-EACCES) (?:-F\s+a2&0100)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+a2&01003)[\s]+(?:-F\s+exit=-EPERM) (?:-F\s+exit=-EPERM) ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^ $\n(^(?! | ).*$\n)*^ $\n(^(?! | ).*$\n)*^ $ ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+removexattr[\s]+|([\s]+|[,])removexattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+removexattr[\s]+|([\s]+|[,])removexattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+rename[\s]+|([\s]+|[,])rename([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+rename[\s]+|([\s]+|[,])rename([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+renameat[\s]+|([\s]+|[,])renameat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+renameat[\s]+|([\s]+|[,])renameat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+renameat2[\s]+|([\s]+|[,])renameat2([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+renameat2[\s]+|([\s]+|[,])renameat2([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+setxattr[\s]+|([\s]+|[,])setxattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+setxattr[\s]+|([\s]+|[,])setxattr([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+truncate[\s]+|([\s]+|[,])truncate([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+truncate[\s]+|([\s]+|[,])truncate([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+unlink[\s]+|([\s]+|[,])unlink([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+unlink[\s]+|([\s]+|[,])unlink([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+unlinkat[\s]+|([\s]+|[,])unlinkat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* ^[\s]*-a[\s]+always,exit[\s]+(?:-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+unlinkat[\s]+|([\s]+|[,])unlinkat([\s]+|[,])))(?:(?!-F[\s]+a\d&).)* [\s]+(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295)[\s]+)(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$ (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) (?:-F\s+exit=-EACCES) (?:-F\s+exit=-EPERM) ^\-w[\s]+ \/etc\/group [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/gshadow [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/nsswitch.conf [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/security\/opasswd [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/pam.conf [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/pam.d\/ [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/passwd [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/etc\/shadow [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/var\/log\/journal\/ [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/var\/spool\/cron [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ ^\-w[\s]+ \/var\/log\/sudo.log [\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b.*$ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 42 0 42 0 0 0 0 0 0 0 0 0 0 0 42 0 0 0 0 0 0 0 0 42 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ^(?:.*\s)?audit_backlog_limit= (?:\s.*)?$ ^(?:.*\s)?l1tf= (?:\s.*)?$ ^(?:.*\s)?mds= (?:\s.*)?$ ^(?:.*\s)?rng_core.default_quality= (?:\s.*)?$ ^(?:.*\s)?slub_debug= (?:\s.*)?$ ^(?:.*\s)?spec_store_bypass_disable= (?:\s.*)?$ /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /etc/modprobe.d /etc/modules-load.d /run/modprobe.d /run/modules-load.d /usr/lib/modprobe.d /usr/lib/modules-load.d /dev/cdrom /dev/dvd /dev/scd0 /dev/sr0 ^[\s]* [\s]+[/\w]+[\s]+[\w]+[\s]+([^\s]+)(?:[\s]+[\d]+){2}$ ^[\s]* [\s]+[/\w]+[\s]+[\w]+[\s]+([^\s]+)(?:[\s]+[\d]+){2}$ /dev/cdrom /dev/dvd /dev/scd0 /dev/sr0 ^[\s]* [\s]+[/\w]+[\s]+[\w]+[\s]+([^\s]+)(?:[\s]+[\d]+){2}$ ^[\s]* [\s]+[/\w]+[\s]+[\w]+[\s]+([^\s]+)(?:[\s]+[\d]+){2}$ /dev/cdrom /dev/dvd /dev/scd0 /dev/sr0 ^[\s]* [\s]+[/\w]+[\s]+[\w]+[\s]+([^\s]+)(?:[\s]+[\d]+){2}$ ^[\s]* [\s]+[/\w]+[\s]+[\w]+[\s]+([^\s]+)(?:[\s]+[\d]+){2}$ hidepid= ^/etc/rsyslog.conf$ ^/etc/rsyslog.conf$ ^/etc/rsyslog.conf$ /etc/pam.d/common-password /dev/cdrom /dev/dvd /dev/scd0 /dev/sr0 64 8 64 8