Analyzes Linux auditd logs using ausearch and Python to detect intrusions including unauthorized file access, privilege escalation, syscall anomalies, and suspicious process execution.
npx claudepluginhub killvxk/cybersecurity-skills-zh
Analyzes Linux audit logs using auditd, ausearch, and aureport to detect intrusions, unauthorized access, privilege escalations, and suspicious activity. For incident response, forensics, and HIDS on Linux hosts.
Analyzes Linux audit logs using auditd, ausearch, and aureport to detect intrusions, unauthorized access, privilege escalations, and suspicious activity. Covers rule setup and incident timelines.
Analyzes Linux logs (auth.log, syslog, systemd journal, kern.log, audit.log) via grep, journalctl, ausearch to reconstruct user activity, detect intrusions, and build event timelines on compromised systems.
Parses auditd logs to detect file-access violations, privilege escalation, suspicious system calls (syscalls), and unauthorized process execution.