mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-08 10:23:54 +00:00
11 lines
429 B
Plaintext
11 lines
429 B
Plaintext
table_name("passwd_changes")
|
|
description("Track time, action changes to /etc/passwd.")
|
|
schema([
|
|
Column("target_path", TEXT, "The path changed"),
|
|
Column("action", TEXT, "Change action (UPDATE, REMOVE, etc)"),
|
|
Column("transaction_id", BIGINT, "ID used during bulk update"),
|
|
Column("time", BIGINT, "Time of the change"),
|
|
])
|
|
attributes(event_subscriber=True)
|
|
implementation("passwd_changes@passwd_changes::genTable")
|