Closed t0wb0at closed 4 years ago
Hello @t0wb0at,
In that fragment of code, we select the user whose actions and commands we want to be monitored by Audit. For this case, we use wazuh
(the SSH user) so it's not very verbose.
I hope that helps, Regards
Hi, @manuasir!
Ok, thanks for the clarification! I hope I'll be more useful for the Wazuh project next time) Thanks for your amazing job!
Thanks @t0wb0at ! I appreciate your interest. Don't hesitate to open a new issue/PR whenever you may need it.
Cheers
Hello, dear Wazuh team!
I found that auditd rules that
wazuh-cloudformation/wazuh/cluster/wazuh_cf_worker.sh
andwazuh-cloudformation/wazuh/cluster/wazuh_cf_master.sh
creates are not correct because of the wrong user:Should it be changed to this?:
Thanks!