item 39882021 (no title)
ivlad | 1 year ago

I am trying to figure out if auditctl is expressive enough to catch unexpected execve() from sshd: basically anything other than /usr/bin/sshd (for privsep) executed with auid=-1 should be suspicious.

No comments yet.