Some syscalls not getting records
Kris Wilson
krisw at us.ibm.com
Mon Feb 14 20:44:14 UTC 2005
Hi,
The India team was seeing a lack of audit records in some of the syscalls
tests,
so I did a little manual experimenting. With rules set for entry and exit
for chown
and chmod, I found that I got records for chmod and not chown (same results
if
I only have rules for one or the other). As root I created a file, su'ed
to ealuser,
and tried to do chmod and chown on that file. A record was created for
chmod but
not for chown. I su'ed back to root and successfully executed both
commands;
again a record for chmod but not chown. We were getting records for chown
on
the previous audit release. I haven't tried other syscalls to see how many
might
have this problem.
Kris Wilson
Linux Security
(512) 838-0126 T/L:678-0126
krisw at us.ibm.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050214/9d7eb105/attachment.htm>
More information about the Linux-audit
mailing list