Converting relative path to absolute path
Peter Moody
pmoody at google.com
Fri Dec 6 16:42:44 UTC 2013
On Thu, Dec 5, 2013 at 7:35 PM, Aaron Lewis <the.warl0ck.1989 at gmail.com> wrote:
> Hi,
>
> If I access a file with relative path, the PATH audit message would be
> a relative path as well.
>
> I wonder if I can change this behavior without modifying the kernel?
IIUC, there should be a CWD message to go along with the PATH message.
You should be able to use that to find the absolute path
> (It seem audit daemon just receive the msg= field from kernel directly)
>
> --
> Best Regards,
> Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
> Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
--
[ Peter Moody | Security Engineer | Google ]
More information about the Linux-audit
mailing list