On Mon, Oct 7, 2013 at 1:30 PM, zhu xiuming xiuming...@gmail.com wrote:
This is correct. The problem is, this records every keystrokes and even the
password of the users. While I only care about the user command history, I
surely do not want to know their passwords.
There is another problem
On Monday, October 28, 2013 04:50:38 PM William Roberts wrote:
On some devices, the cmdline and task info vary. For instance, on
Android, the cmdline is set to the package name, and the task info
is the name of the VM, which is not very helpful.
The additional cmdline output only runs if the
On Tue, Oct 29, 2013 at 8:14 AM, Steve Grubb sgr...@redhat.com wrote:
On Monday, October 28, 2013 04:50:38 PM William Roberts wrote:
On some devices, the cmdline and task info vary. For instance, on
Android, the cmdline is set to the package name, and the task info
is the name of the VM,
Hello,
On Tuesday, October 29, 2013 10:44:48 AM William Roberts wrote:
On Tue, Oct 29, 2013 at 8:14 AM, Steve Grubb sgr...@redhat.com wrote:
On Monday, October 28, 2013 04:50:38 PM William Roberts wrote:
I'm 100% ok with the dynamic option changing it from NULL to a real value
IMO a like
On Tue, Oct 29, 2013 at 12:01 PM, Steve Grubb sgr...@redhat.com wrote:
Hello,
On Tuesday, October 29, 2013 10:44:48 AM William Roberts wrote:
On Tue, Oct 29, 2013 at 8:14 AM, Steve Grubb sgr...@redhat.com wrote:
On Monday, October 28, 2013 04:50:38 PM William Roberts wrote:
I'm 100% ok
Hey all,
I'm trying to find a definition of auid, besides audit UID. If user Joe
with UID 1814 logs in and sudo to application account british which has a
UID of 1776, is the auid of Joe's action 1814 or 1776? If someone does an
su - to root, is their auid 0?
Thanks!
Leam
--
Mind on a
James, thanks! I thought that was it, but I have to brief on recommended
audit.rules changes and hate telling someone something when I'm not sure.
Leam
On Tue, Oct 29, 2013 at 3:43 PM, CHAPLIN, JAMES (CTR)
james.chap...@cbp.dhs.gov wrote:
His auid will be 1814 and does not change as long as
The -f flag is set to 0, 1, or 2 and specifies what to do on failure. Is
that failure any logging event? Or just logging events when the backlog
is higher than whatever the -b option sets it to?
Thanks!
Leam
--
Mind on a Mission http://leamhall.blogspot.com/
--
Linux-audit mailing list
On Tuesday, October 29, 2013 12:12:29 PM William Roberts wrote:
to small for most package names, and
already contains the VM command. I really have no information of what
Android App has created the issue.
This is true for all arches. Usually you can have it pretty narrowly
defined
On Tuesday, October 29, 2013 03:39:35 PM leam hall wrote:
I'm trying to find a definition of auid, besides audit UID. If user Joe
with UID 1814 logs in and sudo to application account british which has a
UID of 1776, is the auid of Joe's action 1814 or 1776? If someone does an
su - to root, is
On Tuesday, October 29, 2013 03:51:53 PM leam hall wrote:
The -f flag is set to 0, 1, or 2 and specifies what to do on failure. Is
that failure any logging event? Or just logging events when the backlog
is higher than whatever the -b option sets it to?
Thanks!
Leam
From the auditctl man
Steve, thanks!
Leam
On Tue, Oct 29, 2013 at 4:17 PM, Steve Grubb sgr...@redhat.com wrote:
On Tuesday, October 29, 2013 03:51:53 PM leam hall wrote:
The -f flag is set to 0, 1, or 2 and specifies what to do on failure. Is
that failure any logging event? Or just logging events when the
On Tue, Oct 29, 2013 at 12:55 PM, Steve Grubb sgr...@redhat.com wrote:
On Tuesday, October 29, 2013 12:12:29 PM William Roberts wrote:
to small for most package names, and
already contains the VM command. I really have no information of what
Android App has created the issue.
On Tue, 2013-10-29 at 17:28 -0400, Paul Moore wrote:
Take x86_64 and x32 as an example (think of x32 as a 32-bit version of
x86_64). Both x32 and x86_64 use the AUDIT_ARCH_X86_64 value and general
calling convention, but they have a different syscall table.
I guess a good question is is
On Tue, Oct 29, 2013 at 1:25 PM, William Roberts
bill.c.robe...@gmail.comwrote:
On Tue, Oct 29, 2013 at 12:55 PM, Steve Grubb sgr...@redhat.com wrote:
On Tuesday, October 29, 2013 12:12:29 PM William Roberts wrote:
to small for most package names, and
already contains the VM
On Tue, Oct 29, 2013 at 4:24 PM, William Roberts
bill.c.robe...@gmail.comwrote:
On Tue, Oct 29, 2013 at 1:25 PM, William Roberts bill.c.robe...@gmail.com
wrote:
On Tue, Oct 29, 2013 at 12:55 PM, Steve Grubb sgr...@redhat.com wrote:
On Tuesday, October 29, 2013 12:12:29 PM William
16 matches
Mail list logo