[TriLUG] Modification of /etc/hosts
Jeff Schornick
jeff at schornick.org
Wed Feb 3 13:14:05 EST 2010
> # type=SYSCALL msg=audit(1265220365.138:40): arch=c000003e syscall=2
> success=yes exit=4 a0=7fffd55386c3 a1=201 a2=0 a3=7fffd5537490 items=1
> ppid=14345 pid=15001 auid=4294967295 uid=1000 gid=1000 euid=1000
> suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts5
> ses=4294967295 comm="cp" exe="/bin/cp" key=(null)
> type=CWD msg=audit(1265220365.138:40): cwd="/tmp"
> type=PATH msg=audit(1265220365.138:40): item=0 name="/tmp/myfile"
> inode=75723 dev=08:05 mode=0100644 ouid=1000 ogid=0 rdev=00:00
D'oh... that was supposed to be the output from:
# tail -3 /var/log/audit/audit.log
Hopefully everything else is reasonably clear. =)
- Jeff
More information about the TriLUG
mailing list