Success or failure?
Peter Moody
pmoody at google.com
Sun Jul 22 02:34:20 UTC 2012
On Sat, Jul 21, 2012 at 6:48 PM, Michael Mather
<michael.mather at teksavvy.com> wrote:
> Hi,
>
> I enter the command "sudo cp qwerty /etc/xxx"
> and get the reply: "cp: cannot stat `qwerty': No such file or directory."
>
> A number of log entries are written. The last two are, in part:
>
> type=SYSCALL success=yes
> type=EXECVE argc=3 a0="cp" a1="qwerty" a2="/etc/xxx"
>
> My problem is with "success=yes".
What's the actual syscall and what's the actual rule that's triggering the entry?
>
> What is happening?
>
> Thanks - Michael Mather
> -----------------------
>
>
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038