Exclude /usr/libexec/mysqld from audit.rules

Steve Grubb sgrubb at redhat.com
Mon Dec 9 15:34:19 UTC 2013


On Monday, December 09, 2013 10:20:41 AM Derek Warner wrote:
> How did you "interpret" the log setting to retrieve the syscall
> "sched_setparam"?

I copied the text and ran it through ausearch with the '-i' command-line
option.


> Anyhow I am not sure why we want this, I have no idea what the
> sched_setparam actually does. 

It changes the priority of the process, which is not exactly security
critical. For concerns in this area, one would generally set rlimits to
prevent a resource hog. Additionally, if you really, really wanted to see
this, you'd only want the ones that succeed or fail due to EPERM.


> Did you do a lookup on the mysql syscall number?

No, I used the audit tools to check it.

-Steve
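
The filter suggested in the reply above (keep only sched_setparam calls that succeed or that fail with EPERM), as an added example that is not part of the original message. It translates the numeric syscall and exit fields of raw SYSCALL records to names before filtering; it assumes x86_64, where sched_setparam is syscall 142, and the sample records are constructed.

```python
import errno
import re

# Assumption: x86_64 records (arch=c000003e); syscall numbers differ per architecture.
ARCH_X86_64 = "c000003e"
SYSCALLS = {142: "sched_setparam", 2: "open"}

# Constructed sample records in raw audit.log style (not taken from the thread).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1386600000.101:501): arch=c000003e syscall=142 success=yes exit=0 pid=2101 uid=27 comm="mysqld" exe="/usr/libexec/mysqld"
type=SYSCALL msg=audit(1386600000.202:502): arch=c000003e syscall=142 success=no exit=-1 pid=2102 uid=500 comm="tool" exe="/usr/bin/tool"
type=SYSCALL msg=audit(1386600000.303:503): arch=c000003e syscall=142 success=no exit=-22 pid=2103 uid=500 comm="tool" exe="/usr/bin/tool"
type=SYSCALL msg=audit(1386600000.404:504): arch=c000003e syscall=2 success=yes exit=3 pid=2104 uid=0 comm="cat" exe="/bin/cat"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one raw audit record into a dict of its key=value fields."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}

def interpret(rec):
    """Replace the numeric syscall and negative exit code with their names."""
    out = dict(rec)
    out["syscall"] = SYSCALLS.get(int(rec["syscall"]), rec["syscall"])
    code = int(rec["exit"])
    if code < 0:
        # Raw records carry failures as -errno, e.g. exit=-1 for EPERM.
        out["exit"] = errno.errorcode.get(-code, rec["exit"])
    return out

def relevant_sched_setparam(log):
    """Return sched_setparam records that succeeded or failed with EPERM."""
    hits = []
    for line in log.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("arch") != ARCH_X86_64:
            continue
        rec = interpret(rec)
        if rec["syscall"] != "sched_setparam":
            continue
        if rec["success"] == "yes" or rec["exit"] == "EPERM":
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for hit in relevant_sched_setparam(SAMPLE_LOG):
        print(hit["pid"], hit["exe"], hit["syscall"], hit["success"], hit["exit"])
```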



