From 0cc77cd62a61c60bce11249785c5aaadf30feb9a Mon Sep 17 00:00:00 2001
From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com>
Date: Tue, 29 Aug 2023 22:13:06 +0200
Subject: [PATCH] Update audit.rules ash
---
 audit.rules | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/audit.rules b/audit.rules
index 03ed184..5d2edbe 100644
--- a/audit.rules
+++ b/audit.rules
@@ -407,7 +407,11 @@
 -w /usr/bin/pkexec -p x -k pkexec
 
 ## Suspicious shells
+
+### https://gtfobins.github.io/gtfobins/ash/
 -w /bin/ash -p x -k susp_shell
+-w /usr/bin/ash -p x -k susp_shell
+
 -w /bin/csh -p x -k susp_shell
 -w /bin/fish -p x -k susp_shell
 -w /bin/tcsh -p x -k susp_shell
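Review bot: The context lines after the new rule still watch csh, fish and tcsh only under /bin, so the coverage gap this change closes for ash remains for the other shells in the group on hosts where /bin and /usr/bin are separate directories. Consider adding `-w /usr/bin/csh -p x -k susp_shell`, `-w /usr/bin/fish -p x -k susp_shell` and `-w /usr/bin/tcsh -p x -k susp_shell`, unless lines beyond the hunk already cover them. The new reference comment could also say why both paths are listed, for example `### ash may be installed in /bin or /usr/bin depending on the distribution`. On busybox-based systems ash is commonly a symlink to the busybox binary, so it is worth confirming with a test execution that the watch produces a `susp_shell` event there; that is an assumption about the target hosts, not something the patch shows.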