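# Audit every execution of /bin/su by a logged-in (non-system) user.
#
# Filters used in both rules:
#   -a always,exit         record at syscall exit, so the result of execve is known
#   -S execve              the syscall that starts a new program
#   -F exe=/bin/su         only when the resulting executable is su
#                          NOTE(review): confirm this is the path su resolves to on
#                          the target host (some distributions install /usr/bin/su)
#   -F auid>=1000          login UID of an ordinary account; assumes UID_MIN is 1000,
#                          check /etc/login.defs
#   -F auid!=4294967295    skip processes with no login UID set (unset is (uint32)-1),
#                          i.e. daemons that never went through a login session
#   -k su_commands         key for retrieval: ausearch -k su_commands
#
# The comparison filters are quoted on purpose. Unquoted, the shell treats
# the ">" in auid>=1000 as a redirection: auditctl receives a bare "auid"
# and a file named "=1000" is created in the current directory, so the
# rule is not loaded as written. Quoting also keeps "!" away from history
# expansion in interactive shells.
#
# One rule per syscall ABI: without the b32 rule, a 32-bit execve on a
# 64-bit kernel would not be matched by the b64 rule.
#
# Rules added with auditctl are runtime-only. To keep them across reboots,
# place the same rule lines (without "sudo auditctl") in a file under
# /etc/audit/rules.d/ and load them with: augenrules --load
# Verify what is loaded with: sudo auditctl -l

sudo auditctl -a always,exit -F arch=b64 -S execve -F exe=/bin/su \
  -F 'auid>=1000' -F 'auid!=4294967295' -k su_commands

sudo auditctl -a always,exit -F arch=b32 -S execve -F exe=/bin/su \
  -F 'auid>=1000' -F 'auid!=4294967295' -k su_commands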