Add default rule plugins of each profiles 44/176144/18
authorSungbae Yoo <sungbae.yoo@samsung.com>
Tue, 17 Apr 2018 06:24:19 +0000 (15:24 +0900)
committerSungbae Yoo <sungbae.yoo@samsung.com>
Mon, 30 Apr 2018 04:12:00 +0000 (13:12 +0900)
The profiles are as follows:
capp, lspp, nispom, pci-dss, stig

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I44eb3e6d17e05e00c4efd6d0185d37d3f2657be4

CMakeLists.txt
packaging/audit-trail.spec
plugins/CMakeLists.txt [new file with mode: 0755]
plugins/base-rule-set.cpp [new file with mode: 0644]
plugins/base-rule-set.h [new file with mode: 0644]
plugins/capp.cpp [new file with mode: 0644]
plugins/lspp.cpp [new file with mode: 0644]
plugins/nispom.cpp [new file with mode: 0644]
plugins/pci-dss.cpp [new file with mode: 0644]
plugins/stig.cpp [new file with mode: 0644]

index bc8601456a11010ec93ed9e2de70d3e7b6f3d7ae..1785f047050765d4459830652e56129f1271e23c 100755 (executable)
@@ -28,10 +28,11 @@ IF(NOT CMAKE_BUILD_TYPE)
        SET(CMAKE_BUILD_TYPE "DEBUG")
 ENDIF(NOT CMAKE_BUILD_TYPE)
 
-SET(AUDIT_TRAIL_LIB       ${PROJECT_SOURCE_DIR}/lib)
-SET(AUDIT_TRAIL_SERVER    ${PROJECT_SOURCE_DIR}/server)
-SET(AUDIT_TRAIL_TOOLS     ${PROJECT_SOURCE_DIR}/tools)
-SET(AUDIT_TRAIL_COMMON    ${PROJECT_SOURCE_DIR}/common)
+SET(AUDIT_TRAIL_LIB                    ${PROJECT_SOURCE_DIR}/lib)
+SET(AUDIT_TRAIL_SERVER         ${PROJECT_SOURCE_DIR}/server)
+SET(AUDIT_TRAIL_TOOLS          ${PROJECT_SOURCE_DIR}/tools)
+SET(AUDIT_TRAIL_COMMON         ${PROJECT_SOURCE_DIR}/common)
+SET(AUDIT_TRAIL_PLUGINS                ${PROJECT_SOURCE_DIR}/plugins)
 
 IF("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU" AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.7)
        SET(CXX_STD "c++0x")
@@ -81,3 +82,4 @@ ADD_SUBDIRECTORY(${AUDIT_TRAIL_COMMON})
 ADD_SUBDIRECTORY(${AUDIT_TRAIL_LIB})
 ADD_SUBDIRECTORY(${AUDIT_TRAIL_SERVER})
 ADD_SUBDIRECTORY(${AUDIT_TRAIL_TOOLS})
+ADD_SUBDIRECTORY(${AUDIT_TRAIL_PLUGINS})
index d5f1367c8d9d9161c85b87da0e7a298c34b1289b..99bee3e0eaf8694c271f7b16389c0d0cc10500e9 100755 (executable)
@@ -115,6 +115,20 @@ The libaudit-trail-devel package includes the libraries and header files necessa
 %{_libdir}/libaudit-rule.so
 %{_libdir}/pkgconfig/audit-rule.pc
 
+## Audit Trail Default Rules Package #########################################
+%package -n audit-trail-default-rules
+Summary: Default rule plugins to audit suspicious activities
+Group: Security/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description -n audit-trail-default-rules
+The audit-trail-default-rules package contains default rulesets such as capp, lspp, nispom, stig, pci-dss.
+
+%files -n audit-trail-default-rules
+%manifest audit-trail.manifest
+%defattr(644,root,root,755)
+%{audit_rule_dir}/*
+
 ## Audit Trail Test Package ################################################
 %package -n audit-trail-tests
 Summary: Testcases for Tizen audit daemon
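Review bot: The new `%files -n audit-trail-default-rules` list globs `%{audit_rule_dir}/*` but does not list the directory itself, so nothing in this hunk makes a package own it or pins its owner and mode. The files installed there are shared objects exporting `RuleSetFactory`, presumably loaded by the audit daemon, so the directory should be guaranteed root-owned and not writable by others; adding `%dir %{audit_rule_dir}` above the glob would do that under the existing `%defattr(644,root,root,755)`. The main package may already own the directory outside this hunk, and `%{audit_rule_dir}` has to resolve to the same path as CMake's `RULE_INSTALL_DIR`; neither definition is visible here.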
@@ -123,7 +137,7 @@ BuildRequires: pkgconfig(libtzplatform-config)
 Requires: %{name} = %{version}-%{release}
 
 %description -n audit-trail-tests
-The audit-trail-test package contains the testcases needed to test audit functions
+The audit-trail-tests package contains the testcases needed to test audit functions
 
 %files -n audit-trail-tests
 %manifest audit-trail.manifest
diff --git a/plugins/CMakeLists.txt b/plugins/CMakeLists.txt
new file mode 100755 (executable)
index 0000000..8d3ae51
--- /dev/null
@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack")
+
+INCLUDE_DIRECTORIES(SYSTEM ${AUDIT_TRAIL_LIB} ${AUDIT_TRAIL_COMMON})
+
+FOREACH(TARGET capp lspp nispom stig pci-dss)
+       ADD_LIBRARY(${TARGET} SHARED ${TARGET}.cpp base-rule-set.cpp)
+       SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS
+               "-fPIC -fvisibility=default"
+       )
+
+       TARGET_LINK_LIBRARIES(${TARGET} audit-rule)
+
+       INSTALL(FILES lib${TARGET}.so RENAME ${TARGET} DESTINATION ${RULE_INSTALL_DIR})
+ENDFOREACH(TARGET)
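Review bot: `INSTALL(FILES lib${TARGET}.so RENAME ${TARGET} ...)` names the library by a relative path, which CMake resolves against the current source directory, so the install step only finds the file when the build is done in-source. `INSTALL(FILES $<TARGET_FILE:${TARGET}> RENAME ${TARGET} DESTINATION ${RULE_INSTALL_DIR})` picks up the built artifact wherever it lands. Separately, the only linker hardening set is `-Wl,-z,noexecstack`; adding `-Wl,-z,relro -Wl,-z,now` would be cheap for modules that are presumably loaded into the audit daemon. `-fvisibility=default` also exports every symbol although only `RuleSetFactory` appears to be needed, so a short comment saying why it is set would help.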
diff --git a/plugins/base-rule-set.cpp b/plugins/base-rule-set.cpp
new file mode 100644 (file)
index 0000000..a534f9f
--- /dev/null
@@ -0,0 +1,449 @@
+/*
+ *  Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+#include <asm/unistd.h>
+#include <audit-rule/rule-set.h>
+
+#include "base-rule-set.h"
+
+void BaseRuleSet::addDir(const std::vector<std::string>& dirs,
+                                               const std::string& tag, Result result)
+{
+       for (auto dir : dirs) {
+               WatchDirRule rule(dir, Rule::Perm::r |
+                                                               Rule::Perm::w |
+                                                               Rule::Perm::x);
+
+               switch (result) {
+               case FailedOnly:
+                       rule << SyscallSuccess(false);
+                       break;
+               case SucceedOnly:
+                       rule << SyscallSuccess(true);
+                       break;
+               default:
+                       break;
+               }
+
+               add(rule << Tag(tag));
+       }
+}
+
+void BaseRuleSet::addPath(const std::vector<std::string>& paths,
+                                               const std::string& tag, Result result)
+{
+       for (auto path : paths) {
+               WatchPathRule rule(path, Rule::Perm::r |
+                                                                       Rule::Perm::w |
+                                                                       Rule::Perm::x);
+
+               switch (result) {
+               case FailedOnly:
+                       rule << SyscallSuccess(false);
+                       break;
+               case SucceedOnly:
+                       rule << SyscallSuccess(true);
+                       break;
+               default:
+                       break;
+               }
+
+               add(rule << Tag(tag));
+       }
+}
+
+void BaseRuleSet::addSyscall(const std::vector<int>& syscalls,
+                                                       const std::string& tag, Result result)
+{
+       for (auto syscall : syscalls) {
+               SyscallRule rule(syscall);
+
+               switch (result) {
+               case FailedOnly:
+                       rule << SyscallSuccess(false);
+                       break;
+               case SucceedOnly:
+                       rule << SyscallSuccess(true);
+                       break;
+               default:
+                       break;
+               }
+
+               add(rule << Tag(tag));
+       }
+}
+
+void BaseRuleSet::useAudit(Result result)
+{
+       addPath({
+               "/tmp/.audit-trail.sock",
+       }, __func__, result);
+}
+
+void BaseRuleSet::accessFile(Result result)
+{
+       addSyscall({
+#ifdef __NR_open
+               __NR_open,
+#endif
+               __NR_openat,
+#ifdef __NR_creat
+               __NR_creat,
+#endif
+               __NR_open_by_handle_at,
+               __NR_truncate,
+               __NR_ftruncate,
+               __NR_fallocate,
+#ifdef __NR_truncate64
+               __NR_truncate64,
+#endif
+#ifdef __NR_ftruncate64
+               __NR_ftruncate64,
+#endif
+       }, __func__, result);
+}
+
+void BaseRuleSet::moveFile(Result result)
+{
+       addSyscall({
+#ifdef __NR_unlink
+               __NR_unlink,
+#endif
+               __NR_unlinkat,
+#ifdef __NR_rename
+               __NR_rename,
+#endif
+               __NR_renameat,
+#ifdef __NR_renameat2
+               __NR_renameat2,
+#endif
+       }, __func__, result);
+}
+
+void BaseRuleSet::createSpecialFile(Result result)
+{
+       addSyscall({
+#ifdef __NR_link
+               __NR_link,
+#endif
+               __NR_linkat,
+#ifdef __NR_symlink
+               __NR_symlink,
+#endif
+               __NR_symlinkat,
+#ifdef __NR_mknod
+               __NR_mknod,
+#endif
+               __NR_mknodat,
+       }, __func__, result);
+}
+
+void BaseRuleSet::modifyDirectory(Result result)
+{
+       addSyscall({
+#ifdef __NR_mkdir
+               __NR_mkdir,
+#endif
+               __NR_mkdirat,
+#ifdef __NR_rmdir
+               __NR_rmdir,
+#endif
+       }, __func__, result);
+
+#ifdef AT_REMOVEDIR
+       add(SyscallRule(__NR_unlinkat) << Tag(__func__) << Arg3() && AT_REMOVEDIR);
+#endif
+}
+
+void BaseRuleSet::changeFileDAC(Result result)
+{
+       addSyscall({
+#ifdef __NR_chown
+               __NR_chown,
+#endif
+#ifdef __NR_lchown
+               __NR_lchown,
+#endif
+               __NR_fchown,
+               __NR_fchownat,
+#ifdef __NR_chown32
+               __NR_chown32,
+#endif
+#ifdef __NR_lchown32
+               __NR_lchown32,
+#endif
+#ifdef __NR_fchown32
+               __NR_fchown32,
+#endif
+       }, __func__, result);
+}
+
+void BaseRuleSet::changeFileMAC(Result result)
+{
+       addSyscall({
+               __NR_setxattr,
+               __NR_lsetxattr,
+               __NR_fsetxattr,
+               __NR_removexattr,
+               __NR_lremovexattr,
+               __NR_fremovexattr,
+       }, __func__, result);
+}
+
+void BaseRuleSet::changeMACPolicy(Result result)
+{
+       addDir({
+               "/etc/smacks",
+               "/sys/fs/smackfs",
+               "/etc/cynara",
+               "/etc/nether",
+       }, __func__, result);
+}
+
+void BaseRuleSet::useSysvIPC(Result result)
+{
+       addSyscall({
+#ifdef __NR_msgctl
+               __NR_msgctl,
+#endif
+#ifdef __NR_msgget
+               __NR_msgget,
+#endif
+#ifdef __NR_semctl
+               __NR_semctl,
+#endif
+#ifdef __NR_semget
+               __NR_semget,
+#endif
+#ifdef __NR_semop
+               __NR_semop,
+#endif
+#ifdef __NR_semtimedop
+               __NR_semtimedop,
+#endif
+#ifdef __NR_shmctl
+               __NR_shmctl,
+#endif
+#ifdef __NR_shmget
+               __NR_shmget,
+#endif
+#ifdef __NR_ipc
+               __NR_ipc,
+#endif
+       }, __func__, result);
+}
+
+void BaseRuleSet::changeStartupConfig(Result result)
+{
+       addDir({
+               "/etc/rc.d",
+               "/etc/init.d",
+               "/etc/systemd",
+               "/usr/lib/systemd/system",
+               "/usr/lib/systemd/user",
+               "/usr/lib/systemd/network",
+       }, __func__, result);
+}
+
+void BaseRuleSet::mountDevice(Result result)
+{
+       addSyscall({
+               __NR_mount,
+#ifdef __NR_umount
+               __NR_umount,
+#endif
+               __NR_umount2,
+       }, __func__, result);
+}
+
+void BaseRuleSet::changeUmask(Result result)
+{
+       addSyscall({
+               __NR_umask,
+       }, __func__, result);
+}
+
+void BaseRuleSet::createProcess(Result result)
+{
+       addSyscall({
+               __NR_clone,
+#ifdef __NR_clone2
+               __NR_clone2,
+#endif
+#ifdef __NR_fork
+               __NR_fork,
+#endif
+#ifdef __NR_vfork
+               __NR_vfork,
+#endif
+       }, __func__, result);
+}
+
+void BaseRuleSet::changeLibraryConfig(Result result)
+{
+       addPath({
+               "/etc/ld.so.conf",
+       }, __func__, result);
+}
+
+void BaseRuleSet::changeKernelModuleConfig(Result result)
+{
+       addDir({
+               "/etc/modules-load.d",
+       }, __func__, result);
+//TBD
+}
+
+void BaseRuleSet::useKernelModule(Result result)
+{
+       addPath({
+               "/sbin/insmod",
+               "/sbin/rmmod",
+               "/sbin/modprob",
+       }, __func__, result);
+
+       addSyscall({
+               __NR_init_module,
+               __NR_finit_module,
+               __NR_delete_module,
+       }, __func__, result);
+}
+
+void BaseRuleSet::changeAliases(Result result)
+{
+       addPath({
+               "/etc/aliases",
+               "/etc/postfix",
+       }, __func__, result);
+}
+
+void BaseRuleSet::debugging(Result result)
+{
+       addSyscall({
+               __NR_ptrace,
+       }, __func__, result);
+}
+
+void BaseRuleSet::useContainer(Result result)
+{
+       addSyscall({
+               __NR_unshare,
+               __NR_setns,
+       }, __func__, result);
+}
+
+void BaseRuleSet::execSpecialCommand(Result result)
+{
+       addPath({
+               "/sbin/",
+       }, __func__, result);
+}
+
+void BaseRuleSet::changeTime(Result result)
+{
+       addPath({
+               "/etc/localtime",
+               "/etc/sysconfig/clock",
+       }, __func__, result);
+
+       addSyscall({
+               __NR_adjtimex,
+               __NR_settimeofday,
+#ifdef __NR_stime
+               __NR_stime,
+#endif
+               __NR_clock_settime,
+               __NR_clock_adjtime,
+       }, __func__, result);
+}
+
+void BaseRuleSet::loginUser(Result result)
+{
+       addPath({
+               "/var/run/utmp",
+               "/var/run/btmp",
+               "/var/run/wtmp",
+       }, __func__, result);
+}
+
+void BaseRuleSet::modifyUser(Result result)
+{
+       addPath({
+               "/etc/group",
+               "/etc/passwd",
+               "/etc/gshadow",
+               "/etc/shadow",
+       }, __func__, result);
+
+       addDir({
+               "/etc/security",
+       }, __func__, result);
+}
+
+void BaseRuleSet::switchUser(Result result)
+{
+       addSyscall({
+               __NR_setuid,
+               __NR_setreuid,
+               __NR_setresuid,
+               __NR_setfsuid,
+               __NR_setgid,
+               __NR_setregid,
+               __NR_setresgid,
+               __NR_setfsgid,
+#ifdef __NR_setuid32
+               __NR_setuid32,
+#endif
+#ifdef __NR_setreuid32
+               __NR_setreuid32,
+#endif
+#ifdef __NR_setresuid32
+               __NR_setresuid32,
+#endif
+#ifdef __NR_setfsuid32
+               __NR_setfsuid32,
+#endif
+#ifdef __NR_setgid32
+               __NR_setgid32,
+#endif
+#ifdef __NR_setregid32
+               __NR_setregid32,
+#endif
+#ifdef __NR_setresgid32
+               __NR_setresgid32,
+#endif
+#ifdef __NR_setfsgid32
+               __NR_setfsgid32,
+#endif
+       }, __func__, result);
+
+       add(SyscallRule(__NR_execve) << Tag(__func__) << (Uid() != 0) << EUid(0));
+       add(SyscallRule(__NR_execve) << Tag(__func__) << (Gid() != 0) << EGid(0));
+}
+
+void BaseRuleSet::changeNetConfig(Result result)
+{
+       addPath({
+               "/etc/hosts",
+               "/etc/system-release",
+               "/etc/sysconfig/network",
+       }, __func__, result);
+
+       addDir({
+               "/etc/sysconfig/network-scripts",
+               "/etc/wpa_supplicant",
+               "/etc/wifi-direct",
+       }, __func__, result);
+}
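Review bot: `useKernelModule` watches `"/sbin/modprob"`, which looks like a typo for `"/sbin/modprobe"`; as written the watch would not cover modprobe, leaving only the three module syscalls to record such loads. In `modifyDirectory`, `<<` binds tighter than `&&`, so `... << Arg3() && AT_REMOVEDIR` applies `&&` to the whole chained rule rather than to `Arg3()`; `switchUser` parenthesises its comparison (`(Uid() != 0)`), and the same is probably intended here: `<< (Arg3() && AT_REMOVEDIR)`. That rule is also compiled only under `#ifdef AT_REMOVEDIR`, yet the file does not include `<fcntl.h>`, so unless `rule-set.h` pulls it in the rule is silently dropped; both it and the two `execve` rules in `switchUser` ignore `result`. Several watch targets should be confirmed against the target image: `/etc/smacks`, `/var/run/btmp` and `/var/run/wtmp` (commonly under `/var/log`), and `addPath` being handed the directories `/sbin/` and `/etc/postfix`.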
diff --git a/plugins/base-rule-set.h b/plugins/base-rule-set.h
new file mode 100644 (file)
index 0000000..c675acb
--- /dev/null
@@ -0,0 +1,73 @@
+/*
+ *  Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+#ifndef __AUDIT_BASE_RULE_SET_H__
+#define __AUDIT_BASE_RULE_SET_H__
+
+#include <audit-rule/rule-set.h>
+
+class BaseRuleSet : public AbstractRuleSet  {
+protected:
+       enum Result {
+               FailedOnly = 0,
+               SucceedOnly,
+               All
+       };
+
+       void useAudit(Result result = All);
+
+       void accessFile(Result result = All);
+       void moveFile(Result result = All);
+       void createSpecialFile(Result result = All);
+       void modifyDirectory(Result result = All);
+       void changeFileDAC(Result result = All);
+       void changeFileMAC(Result result = All);
+
+       void changeMACPolicy(Result result = All);
+
+       void useSysvIPC(Result result = All);
+
+       void changeStartupConfig(Result result = All);
+       void mountDevice(Result result = All);
+       void changeUmask(Result result = All);
+       void createProcess(Result result = All);
+       void changeLibraryConfig(Result result = All);
+       void changeKernelModuleConfig(Result result = All);
+       void useKernelModule(Result result = All);
+       void changeAliases(Result result = All);
+       void debugging(Result result = All);
+       void useContainer(Result result = All);
+
+       void execSpecialCommand(Result result = All);
+
+       void changeTime(Result result = All);
+
+       void loginUser(Result result = All);
+       void modifyUser(Result result = All);
+       void switchUser(Result result = All);
+
+       void changeNetConfig(Result result = All);
+
+private:
+       void addDir(const std::vector<std::string>& paths,
+                                       const std::string& tag, Result result);
+       void addPath(const std::vector<std::string>& paths,
+                                       const std::string& tag, Result result);
+       void addSyscall(const std::vector<int>& syscalls,
+                                       const std::string& tag, Result result);
+};
+
+#endif /*__AUDIT_BASE_RULE_SET_H__*/
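Review bot: The header declares `std::vector<std::string>` and `std::string` parameters but includes only `<audit-rule/rule-set.h>`, so it compiles only as long as that header happens to pull in `<vector>` and `<string>`; add `#include <string>` and `#include <vector>` here. The guard `__AUDIT_BASE_RULE_SET_H__` contains double underscores, which are reserved for the implementation; `AUDIT_BASE_RULE_SET_H` avoids that. `Result` and the protected helpers carry no comments: a line above the enum such as `// Which syscall outcomes a rule records: failures only, successes only, or both.` would help plugin authors. `addDir`'s first parameter is named `paths` here but `dirs` in the definition.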
diff --git a/plugins/capp.cpp b/plugins/capp.cpp
new file mode 100644 (file)
index 0000000..69ce61e
--- /dev/null
@@ -0,0 +1,68 @@
+/*
+ *  Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+#include "base-rule-set.h"
+
+class Capp final : public BaseRuleSet {
+public:
+       void initialize();
+
+private:
+       bool mandatoryOnly = true;
+};
+
+void Capp::initialize()
+{
+       useAudit();
+
+       changeStartupConfig();
+       mountDevice();
+       changeUmask();
+       changeLibraryConfig();
+       changeKernelModuleConfig();
+       changeAliases();
+
+       changeTime();
+
+       loginUser();
+       modifyUser();
+
+       changeNetConfig();
+
+       if (!mandatoryOnly) {
+               accessFile();
+               moveFile();
+               createSpecialFile();
+               modifyDirectory();
+               changeFileDAC();
+               changeFileMAC();
+
+               useSysvIPC();
+
+               createProcess();
+               useKernelModule();
+               debugging();
+               useContainer();
+       }
+}
+
+extern "C" {
+
+AbstractRuleSet *RuleSetFactory()
+{
+       return new Capp();
+}
+
+} // extern "C"
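Review bot: `mandatoryOnly` is a private member initialised to `true` and nothing in the file changes it, so the whole `if (!mandatoryOnly)` block in `Capp::initialize` is dead code and those rules are never installed; the same holds in lspp.cpp, nispom.cpp and stig.cpp, and pci-dss.cpp declares the member without reading it. If the extended set is meant to be selectable it needs a setter, constructor argument or build-time switch; otherwise a comment such as `// optional rules: disabled until a configuration hook exists` would make the intent clear. `initialize()` is presumably a virtual of `AbstractRuleSet` and should be marked `override` so that a signature mismatch fails to compile. `RuleSetFactory` returns a raw `new` across the C boundary, and a comment stating that the loader owns and deletes the object would document that contract.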
diff --git a/plugins/lspp.cpp b/plugins/lspp.cpp
new file mode 100644 (file)
index 0000000..b8e7dec
--- /dev/null
@@ -0,0 +1,70 @@
+/*
+ *  Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+#include "base-rule-set.h"
+
+class Lspp final : public BaseRuleSet {
+public:
+       void initialize();
+
+private:
+       bool mandatoryOnly = true;
+};
+
+void Lspp::initialize()
+{
+       useAudit();
+
+       changeFileMAC();
+       changeMACPolicy();
+
+       changeStartupConfig();
+       mountDevice();
+       changeUmask();
+       changeLibraryConfig();
+       changeKernelModuleConfig();
+       changeAliases();
+
+       changeTime();
+
+       loginUser();
+       modifyUser();
+
+       changeNetConfig();
+
+       if (!mandatoryOnly) {
+               accessFile();
+               moveFile();
+               createSpecialFile();
+               modifyDirectory();
+               changeFileDAC();
+
+               useSysvIPC();
+
+               createProcess();
+               useKernelModule();
+               debugging();
+               useContainer();
+       }
+}
+
+extern "C" {
+
+AbstractRuleSet *RuleSetFactory()
+{
+       return new Lspp();
+}
+
+}// extern "C"
diff --git a/plugins/nispom.cpp b/plugins/nispom.cpp
new file mode 100644 (file)
index 0000000..7899d90
--- /dev/null
@@ -0,0 +1,58 @@
+/*
+ *  Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+#include "base-rule-set.h"
+
+class Nispom final : public BaseRuleSet {
+public:
+       void initialize();
+
+private:
+       bool mandatoryOnly = true;
+};
+
+void Nispom::initialize()
+{
+       useAudit();
+
+       accessFile(Result::FailedOnly);
+       moveFile(Result::FailedOnly);
+       createSpecialFile(Result::FailedOnly);
+       modifyDirectory(Result::FailedOnly);
+       changeFileMAC(Result::FailedOnly);
+
+
+       changeTime();
+
+       modifyUser();
+
+       changeNetConfig();
+
+       if (!mandatoryOnly) {
+               changeKernelModuleConfig();
+               useKernelModule();
+               debugging();
+               useContainer();
+       }
+}
+
+extern "C" {
+
+AbstractRuleSet *RuleSetFactory()
+{
+       return new Nispom();
+}
+
+} // extern "C"
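Review bot: `modifyDirectory(Result::FailedOnly)` does not restrict everything that helper adds: in base-rule-set.cpp the `unlinkat`/`AT_REMOVEDIR` rule is built without consulting `result`, so whenever that rule is compiled in, this profile also records successful directory removals. Either apply the `SyscallSuccess` filter to that rule inside `BaseRuleSet::modifyDirectory`, or state the exception in a comment next to this call.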
diff --git a/plugins/pci-dss.cpp b/plugins/pci-dss.cpp
new file mode 100644 (file)
index 0000000..1fd4088
--- /dev/null
@@ -0,0 +1,44 @@
+/*
+ *  Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+#include "base-rule-set.h"
+
+class PciDss final : public BaseRuleSet {
+public:
+       void initialize();
+
+private:
+       bool mandatoryOnly = true;
+};
+
+void PciDss::initialize()
+{
+       useAudit();
+
+       changeTime();
+
+       loginUser();
+       modifyUser();
+       switchUser();
+}
+
+extern "C" {
+
+AbstractRuleSet *RuleSetFactory()
+{
+       return new PciDss();
+}
+
+} // extern "C"
diff --git a/plugins/stig.cpp b/plugins/stig.cpp
new file mode 100644 (file)
index 0000000..b81e287
--- /dev/null
@@ -0,0 +1,59 @@
+/*
+ *  Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+#include "base-rule-set.h"
+
+class Stig final : public BaseRuleSet {
+public:
+       void initialize();
+
+private:
+       bool mandatoryOnly = true;
+};
+
+void Stig::initialize()
+{
+       accessFile(Result::FailedOnly);
+       moveFile();
+       changeFileDAC();
+       changeFileMAC();
+       changeMACPolicy();
+
+       mountDevice(Result::SucceedOnly);
+       execSpecialCommand();
+
+       changeTime();
+
+       loginUser();
+
+       changeNetConfig();
+
+       if (!mandatoryOnly) {
+               changeKernelModuleConfig();
+               useKernelModule();
+
+               debugging();
+               useContainer();
+       }
+}
+
+extern "C" {
+
+AbstractRuleSet *RuleSetFactory()
+{
+       return new Stig();
+}
+
+} // extern "C"
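Review bot: `Stig::initialize` is the only one of the five profiles that does not call `useAudit()`, so under this profile access to `/tmp/.audit-trail.sock` is not watched. If that is an oversight, add `useAudit();` as the first statement; if it is deliberate, say so in a comment. `execSpecialCommand()` is also used only here and passes the directory `/sbin/` to `addPath`, which builds a `WatchPathRule`; `addDir` looks like the intended helper, to be confirmed against the rule library.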