SIGXCPU and Auditd
Steve Grubb
sgrubb at redhat.com
Tue Nov 5 13:27:28 UTC 2013
On Tuesday, November 05, 2013 06:39:04 PM Paul Davies C wrote:
> Hi,
>
> Is there any way to make the *auditd system to log the SIGXCPU signal*?
> As of now , without writing any specific rules, SIGSEGV is getting
> logged. In my log I found lines as below :
> /
> type=ANOM_ABEND msg=audit(1383644379.989:88): auid=1000 uid=1000
> gid=1000 ses=5 pid=2688 comm="chrome" reason="memory violation" sig=11/
The ABnormal END event is triggered by any event that would be terminated by
the kernel with a core dump. Looking at the signal(7) man page, SIGXCPU by
default would core. So, it should trigger an event. I don't have a test case
to prove it, though.
Steve
More information about the Linux-audit
mailing list