Note: That particular rule will absolutely destroy any system running HDFS.
On Fri, Jan 5, 2018 at 12:00 PM, Paige, David B CTR USARMY ICOE (US) < [email protected]> wrote: > This check and some related ones require auditing for all users and root. > The suggested line includes these elements: > > -a always,exit -F arch=ARCH -S rmdir,unlink,unlinkat,rename,renameat -F > auid>=500 -F auid!=4294967295 -k delete > > Should this check include "-F auid=0" to properly audit the root user? > _______________________________________________ > scap-security-guide mailing list -- scap-security-guide@lists. > fedorahosted.org > To unsubscribe send an email to scap-security-guide-leave@ > lists.fedorahosted.org > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788 -- This account not approved for unencrypted proprietary information --
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
