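## auditd rule set in auditctl syntax, one rule per line.
## Lines starting with '#' are comments; '#-w' / '#-a' lines are rules that are
## currently switched off.

## Start from an empty rule list so that reloading never stacks duplicates.
-D

## Kernel backlog: maximum number of outstanding audit buffers.
-b 32768

## Failure mode 1: on a critical audit error the kernel reports through printk
## and keeps running (0 = silent, 2 = panic).
-f 1

## Audit subsystem: its own logs and configuration.
## The log directory watch has no -p, so auditctl applies its default
## permission filter (all access types: r, w, x, a); reads of the audit logs
## are recorded as well as changes.
-w /var/log/audit/ -k LOG_audit
-w /etc/audit/ -p wa -k CFG_audit
-w /etc/sysconfig/auditd -p wa -k CFG_auditd.conf
-w /etc/libaudit.conf -p wa -k CFG_libaudit.conf
-w /etc/audisp/ -p wa -k CFG_audisp

## Application tree under /home/d5000/fujian and general system configuration:
## record writes and attribute changes (-p wa).
-w /home/d5000/fujian/bin/ -p wa -k BIN_d5000
-w /home/d5000/fujian/conf/ -p wa -k CFG_d5000
-w /home/d5000/fujian/.cshrc -p wa -k CFG_cshrc
-w /etc/hosts -p wa -k CFG_hosts
-w /etc/services -p wa -k CFG_services
-w /etc/sysctl.conf -p wa -k CFG_sysctl.conf
-w /etc/syslog.conf -p wa -k CFG_syslog.conf
-w /etc/security/limits.conf -p wa -k CFG_limits.conf

## Per-binary rules: any syscall (-S all) whose path argument resolves to the
## named file is recorded at syscall exit.
## NOTE(review): 'path=' matches the object a syscall touches (open, exec,
## chmod, ... of that file); it does not select syscalls issued BY that program.
## If the intent was to trace what these programs do, that needs a different
## field (exe=, only on newer kernel/auditctl versions) - confirm the intent.
## NOTE(review): these rules carry no -k key, so 'ausearch -k' cannot select
## them; search by file name (ausearch -f) instead.
-a exit,always -F path=/home/d5000/fujian/bin/sca_analog -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_point -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_cal -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_op -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_manage -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_topo -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_handle -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_com -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_mgr -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_gps -S all
-a exit,always -F path=/home/d5000/fujian/bin/rtdb_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/rtdb_modify -S all
-a exit,always -F path=/home/d5000/fujian/bin/case_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/download_daemon -S all
-a exit,always -F path=/home/d5000/fujian/bin/download_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/db_modify_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/sql_sp_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/db_commit -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_nicmonitor -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_procm -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_procm_mon -S all
-a exit,always -F path=/home/d5000/fujian/bin/msg_bus -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_servicemanage -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_trans_alarm -S all
-a exit,always -F path=/home/d5000/fujian/bin/remote_exed -S all
-a exit,always -F path=/home/d5000/fujian/bin/locator -S all
-a exit,always -F path=/home/d5000/fujian/bin/proxy -S all
-a exit,always -F path=/home/d5000/fujian/bin/midmmi -S all
-a exit,always -F path=/home/d5000/fujian/bin/midbrow -S all
-a exit,always -F path=/home/d5000/fujian/bin/middata -S all
-a exit,always -F path=/home/d5000/fujian/bin/evt_sender -S all
-a exit,always -F path=/home/d5000/fujian/bin/evt_recv -S all
-a exit,always -F path=/home/d5000/fujian/bin/hissam -S all
-a exit,always -F path=/home/d5000/fujian/bin/hissec -S all
-a exit,always -F path=/home/d5000/fujian/bin/midhs -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_pdrrep -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_pdrrec -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_ser -S all

## Database directory watch (disabled).
#-w /database/ -p wa -k DAT_database

## Account databases.
-w /etc/passwd -p wa -k CFG_passwd
-w /etc/group -p wa -k CFG_group
-w /etc/shadow -p wa -k CFG_shadow

## Extended-attribute changes, for 32-bit and 64-bit callers.
## These rules used the 'entry' list, which is deprecated and rejected by
## current kernels; the 'exit' list sees the same syscalls and is what the
## rest of this file already uses.
## NOTE(review): fsetxattr / fremovexattr (the fd-based variants) are not
## listed - confirm whether that gap is intended. No -k key is set here either.
-a exit,always -F arch=b32 -S setxattr -S lsetxattr -S removexattr -S lremovexattr
-a exit,always -F arch=b64 -S setxattr -S lsetxattr -S removexattr -S lremovexattr

## Cron configuration and per-user crontabs.
-w /etc/cron.allow -p wa -k CFG_cron.allow
-w /etc/cron.deny -p wa -k CFG_cron.deny
-w /etc/cron.d/ -p wa -k CFG_cron.d
-w /etc/cron.daily/ -p wa -k CFG_cron.daily
-w /etc/cron.hourly/ -p wa -k CFG_cron.hourly
-w /etc/cron.monthly/ -p wa -k CFG_cron.monthly
-w /etc/cron.weekly/ -p wa -k CFG_cron.weekly
-w /etc/crontab -p wa -k CFG_crontab
## NOTE(review): root's crontab watch has no -p, so it falls back to the
## default (all access types) unlike its siblings - confirm this is intended.
-w /var/spool/cron/crontabs/root -k CFG_crontab_root
## The d5000 crontab previously shared the key CFG_crontab_root, which made its
## events indistinguishable from root's in 'ausearch -k'. It now has its own
## key; update any report that selected d5000 events by the old key.
-w /var/spool/cron/crontabs/d5000 -p wa -k CFG_crontab_d5000

## Trace kill() calls with a signal number above 0 (disabled).
## If re-enabled, switch 'entry' to 'exit' as done for the xattr rules above.
#-a entry,always -F arch=b32 -F a1>0 -S kill
#-a entry,always -F arch=b64 -F a1>0 -S kill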