SIGXCPU and Auditd

Tue Nov 5 13:27:28 UTC 2013

On Tuesday, November 05, 2013 06:39:04 PM Paul Davies C wrote:
> Hi,
> 
> Is there any way to make the *auditd system to log the SIGXCPU signal*?
> As of now , without writing any specific rules, SIGSEGV is getting
> logged. In my log I found lines as below :
> /
> type=ANOM_ABEND msg=audit(1383644379.989:88): auid=1000 uid=1000
> gid=1000 ses=5 pid=2688 comm="chrome" reason="memory violation" sig=11/

The ABnormal END event is triggered by any event that would be terminated by 
the kernel with a core dump. Looking at the signal(7) man page, SIGXCPU by 
default would core. So, it should trigger an event. I don't have a test case 
to prove it, though.

Steve