auditd not triggering ANOM_ROOT_TRANS record

teroz terence.namusonge at gmail.com
Tue Oct 25 12:09:58 UTC 2016


I used one of the dirtycow root exploits on Fedora 24 configured
with 30-pci-dss-v31.rules. I was expecting an ANOM_ROOT_TRANS record but
didn't get one. What triggers an ANOM_ROOT_TRANS record? What then is the
best way to trivially audit for a successful privilege escalation?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audit.log.excerpt
Type: application/octet-stream
Size: 2386 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20161025/9fd8e0fe/attachment.obj>

