analyzing-linux-audit-logs-for-intrusion
Utilizes the Linux Audit framework to detect intrusion attempts and unauthorized access through log analysis and rule configuration.
Security score: 0/100
The analyzing-linux-audit-logs-for-intrusion skill was audited on Jun 2, 2026 and we found 9 security issues across 1 threat category, including 3 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 44
Access to /etc/passwd
Source: SKILL.md
| 44 | - Detecting file tampering on critical system files such as `/etc/passwd`, `/etc/shadow`, or SSH keys |
high line 89
Access to /etc/passwd
Source: SKILL.md
| 89 | -w /etc/passwd -p wa -k credential_access |
critical line 44
Access to /etc/shadow
Source: SKILL.md
| 44 | - Detecting file tampering on critical system files such as `/etc/passwd`, `/etc/shadow`, or SSH keys |
high line 90
Access to /etc/shadow
Source: SKILL.md
| 90 | -w /etc/shadow -p rwa -k credential_access |
high line 150
Access to /etc/shadow
Source: SKILL.md
| 150 | # Search for all file access events on /etc/shadow |
high line 151
Access to /etc/shadow
Source: SKILL.md
| 151 | ausearch -f /etc/shadow -ts this-week |
critical line 273
Access to /etc/shadow
Source: SKILL.md
| 273 | - [ ] Critical file watches trigger alerts on test modifications (`touch /etc/shadow` generates an event) |
medium line 97
Access to root home directory
Source: SKILL.md
| 97 | -w /root/.ssh/authorized_keys -p wa -k ssh_key_tampering |
high line 97
Access to SSH directory
Source: SKILL.md
| 97 | -w /root/.ssh/authorized_keys -p wa -k ssh_key_tampering |
Scanned on Jun 2, 2026
GitHub Stars: 15.6K
Category: development
Updated: June 24, 2026
mukul975/Anthropic-Cybersecurity-Skills