MOON
Server: Apache
System: Linux 54-179-220-51.cprapid.com 3.10.0-1160.144.1.el7.tuxcare.els4.x86_64 #1 SMP Tue Apr 7 08:40:40 UTC 2026 x86_64
User: hunarpak (1005)
PHP: 7.4.29
Disabled: NONE
$ pwd: /usr/share/doc/audit-2.8.5/rules/
Upload Files
File: //usr/share/doc/audit-2.8.5/rules/42-injection.rules
## These rules watch for code injection by the ptrace facility.
## This could indicate someone trying to do something bad or
## just debugging

#-a always,exit -F arch=b32 -S ptrace -F key=tracing
-a always,exit -F arch=b64 -S ptrace -F key=tracing
-a always,exit -F arch=b32 -S ptrace -F a0=0x4 -F key=code-injection
-a always,exit -F arch=b64 -S ptrace -F a0=0x4 -F key=code-injection
-a always,exit -F arch=b32 -S ptrace -F a0=0x5 -F key=data-injection
-a always,exit -F arch=b64 -S ptrace -F a0=0x5 -F key=data-injection
-a always,exit -F arch=b32 -S ptrace -F a0=0x6 -F key=register-injection
-a always,exit -F arch=b64 -S ptrace -F a0=0x6 -F key=register-injection
@ Telegram