Open tititototutu opened 4 months ago
Hello,
Thank you very much for your work!
A log bypass is possible by executing the binary flagged with "ld-linux.so".
/usr/bin/dpkg # This is logged
/lib64/ld-linux-x86-64.so.2 /usr/bin/dpkg # Not logged
What about adding
-a always,exit -F path=/lib64/ld-linux-x86-64.so.2 -F perm=x -F auid!=unset -k ld_execution
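A coverage check for the gap described in this issue, added here as an example (it is not part of the original post or the project's code): it parses an audit rule set and reports which exec-watched binaries have no matching execute watch on the loader. The sample rules, the function names and the one-entry loader list are assumptions.

```python
import shlex

# Loader path named in the issue; other architectures use other paths (extend as needed).
LOADERS = ("/lib64/ld-linux-x86-64.so.2",)

# Constructed sample rule set for illustration, not the project's rules.
SAMPLE_RULES = """\
-w /usr/bin/dpkg -p x -k software_mgmt
-a always,exit -F path=/usr/bin/apt -F perm=x -F auid!=unset -k software_mgmt
-w /etc/passwd -p wa -k etcpasswd
"""
# Rule proposed in the issue.
PROPOSED = "-a always,exit -F path=/lib64/ld-linux-x86-64.so.2 -F perm=x -F auid!=unset -k ld_execution\n"


def exec_watched_paths(rules_text):
    """Return paths that carry an execute watch (-w ... -p x, or -F path= with -F perm=x)."""
    watched = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, perm = None, None
        tokens = shlex.split(line)
        for flag, value in zip(tokens, tokens[1:]):
            if flag == "-w":
                path = value
                perm = perm or "rwxa"  # auditctl default when -p is omitted
            elif flag == "-p":
                perm = value
            elif flag == "-F" and value.startswith("path="):
                path = value[len("path="):]
            elif flag == "-F" and value.startswith("perm="):
                perm = value[len("perm="):]
        if path and perm and "x" in perm:
            watched.add(path)
    return watched


def loader_gap(rules_text, loaders=LOADERS):
    """Return (unwatched loaders, exec-watched binaries whose logging they can sidestep)."""
    watched = exec_watched_paths(rules_text)
    missing = [p for p in loaders if p not in watched]
    exposed = sorted(watched - set(loaders)) if missing else []
    return missing, exposed


if __name__ == "__main__":
    for label, rules in (("before", SAMPLE_RULES), ("after", SAMPLE_RULES + PROPOSED)):
        print(label, loader_gap(rules))
```

The comparison is textual: it does not resolve symlinks, so a loader watched under a different path name is reported as missing.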