Merge pull request #108 from Pierre-Gronau-ndaal/patch-47

Update audit.rules atftpd
Neo23x0 · Feb 5, 2024 · 528743a · 528743a
2 parents 984a6dd + 9fbd441
commit 528743a
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/audit.rules b/audit.rules
@@ -334,6 +334,24 @@
 -w /usr/local/bin/xfreerdp -p x -k susp_activity
 -w /usr/bin/nmap -p x -k susp_activity
 
+### atftpd
+### https://sourceforge.net/projects/atftp/
+### https://github.com/madmartin/atftp
+### atftp is a client/server implementation of the TFTP protocol that implements RFCs 1350, 2090, 2347, 2348, 2349 and 7440. 
+### The server is multi-threaded and the client presents a friendly interface using libreadline.
+### T1133_External_Remote_Services
+-w /usr/bin/atftpd -p x -k susp_activity
+-w /usr/sbin/atftpd -p x -k susp_activity
+
+-w /usr/bin/in.tftpd -p x -k susp_activity
+-w /usr/sbin/in.tftpd -p x -k susp_activity
+
+-w /lib/systemd/system/atftpd.service -k susp_activity
+-w /usr/lib/systemd/system/atftpd.service -k susp_activity
+
+-w /lib/systemd/system/atftpd.socket -k susp_activity
+-w /usr/lib/systemd/system/atftpd.socket -k susp_activity
+
 ## sssd
 -a always,exit -F path=/usr/libexec/sssd/p11_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts
 -a always,exit -F path=/usr/libexec/sssd/krb5_child -F perm=x -F auid>=500 -F auid!=4294967295 -k T1078_Valid_Accounts