type=PROCTITLE events not being populated in /var/log/audit/audit.log

Joshua Ammons Joshua.Ammons at walmart.com
Wed Jan 10 22:41:03 UTC 2018


I wanted to check if anyone was aware of a setting on RedHat box for enabling the PROCTITLE event type for audit logs?  Is there any difference between RedHat and CentOS?  I have one box running RedHat 7.3 and another running CentOS 7.3, with auditd enabled on both with the same rules.  However, only the RedHat box is populating the event type PROCTITLE - the CentOS box does not.

I would like to get the PROCTITLE event type working on my CentOS box as well, if possible, but I cannot find any documentation online about anyone else having this issue and how to resolve.

Thanks for your time.

Joshua Ammons Advanced SIEM Engineer, Cybersecurity
Global Business Services
Office 479.204.4472 | Mobile 479.595.2291
Joshua.Ammons at walmart.com

805 Moberly Ln
Bentonville, AR  72716
Save money. Live better.

[cid:image003.png at 01D38A31.CCC17F20]<https://walmart.facebook.com/groups/435932993428953/?fref=nf>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20180110/de7bbbd3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 6820 bytes
Desc: image003.png
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20180110/de7bbbd3/attachment.png>

More information about the Linux-audit mailing list