[PATCH] execve argument logging
Steve Grubb
sgrubb at redhat.com
Fri Apr 21 13:20:10 UTC 2006
Al,
Thanks for posting this.
Amy,
To give some background...we have this open bugzilla:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168285
It was agreed last summer that this would be useful for people. It has nothing
to do with CAPP certification, so it was put on the back burner. No one had
the time to complete it until now. What the patch does is collect the string
arguments to execve and logs them as an auxiliary record. It was also put
onto linux-audit mail list as a proposal, item #1 here:
https://www.redhat.com/archives/linux-audit/2005-September/msg00061.html
Hope this helps...
-Steve
More information about the Linux-audit
mailing list