Auditd

v1.0.0

Linux Audit Framework reference. auditctl rules for file watches and syscall auditing, auditd.conf configuration, ausearch log queries, aureport summaries, a...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bytesagain3/auditd.

Install the skill "Auditd" (bytesagain3/auditd) from ClawHub.
Skill page: https://clawhub.ai/bytesagain3/auditd
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install auditd

ClawHub CLI

npx clawhub@latest install auditd
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (auditd reference) aligns with the files and included script: examples and guidance for auditctl, ausearch, aureport, and auditd.conf. The skill does not request unrelated credentials or config paths. Note: the SKILL.md and script assume standard system utilities (auditctl, ausearch, aureport, augenrules, systemctl/service, kill, etc.) are present but these are not listed as required binaries — this is a minor metadata omission, not a functional mismatch.
Instruction Scope
Instructions are focused on auditd usage, log searching, and rule management. However, many suggested commands modify system state (adding/deleting/locking rules, restarting or signaling auditd, changing disk action policies) and therefore require root privileges and can impact system behavior (including suspending logging). The skill's instructions also reference reading /var/log/audit/audit.log and /etc/audit files — appropriate for the purpose but potentially sensitive.
Install Mechanism
No install spec (instruction-only plus a bundled script). No downloads or external installers are used, so there is no additional install-time risk.
Credentials
The skill requests no environment variables, credentials, or config paths. The operations it documents do require local privileged access to audit configuration/logs, which is proportional to an auditd reference skill.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide configuration changes on install. Note that an agent invoking the skill (autonomously) could run privileged commands if the agent process has elevated rights — this is a platform usage consideration, not a misbehavior of the skill itself.
Assessment
This skill is a local reference for auditd and appears coherent, but it documents and would instruct the agent to run commands that require root and can change system auditing (add/delete/lock rules, suspend logging, restart the daemon). Before installing or invoking: (1) review the included script and SKILL.md yourself; (2) do not allow the agent to run these commands as root without human review — prefer read-only queries; (3) test any commands in a non-production environment first; (4) if you enable autonomous invocation, restrict the agent's privileges so it cannot modify audit rules or restart system services without explicit human approval.

Like a lobster shell, security has layers — review code before you run it.

latest vk972j3r1cgqqd18g0p3g0gd74s83hrd1
144 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

auditd

Linux Audit Framework reference — kernel-level security auditing.

Commands

Command      Description
intro        What is auditd, architecture, quick start
rules        auditctl watches, syscall rules, filters
config       auditd.conf settings, rotation, disk actions
search       ausearch by key, time, user, file
report       aureport summaries, login, auth, file
logs         audit.log format, field meanings
compliance   CIS benchmark and PCI-DSS rules
tools        auditctl, audit2allow, aulast, autrace
