On Thursday, September 7, 2017 6:32:39 PM EDT Steve Grubb wrote:
> On Wednesday, September 6, 2017 6:03:18 AM EDT Lev Olshvang wrote:
> > I got only following SYSCALL record in audit log for 'touch -t ' command,
> > no CWD, no PATH record
>
> Out of curiosity, what kind of rule were you using?
Al
On 2017-09-08 09:27, Steve Grubb wrote:
> On Friday, September 8, 2017 4:41:47 AM EDT Richard Guy Briggs wrote:
> > On 2017-09-07 18:32, Steve Grubb wrote:
> > > On Wednesday, September 6, 2017 6:03:18 AM EDT Lev Olshvang wrote:
> > > > I got only following SYSCALL record in audit log for 'touch -t
On Friday, September 8, 2017 4:41:47 AM EDT Richard Guy Briggs wrote:
> On 2017-09-07 18:32, Steve Grubb wrote:
> > On Wednesday, September 6, 2017 6:03:18 AM EDT Lev Olshvang wrote:
> > > I got only following SYSCALL record in audit log for 'touch -t '
> > > command, no CWD, no PATH record
> >
>
On 2017-09-07 18:32, Steve Grubb wrote:
> On Wednesday, September 6, 2017 6:03:18 AM EDT Lev Olshvang wrote:
> > I got only following SYSCALL record in audit log for 'touch -t ' command, no
> > CWD, no PATH record
>
> Out of curiosity, what kind of rule were you using?
>
> > type=SYSCALL msg=audi
On Wednesday, September 6, 2017 6:03:18 AM EDT Lev Olshvang wrote:
> I got only following SYSCALL record in audit log for 'touch -t ' command, no
> CWD, no PATH record
Out of curiosity, what kind of rule were you using?
> type=SYSCALL msg=audit(1503837757.149:266995):
> arch=c03e syscall=280
I got only following SYSCALL record in audit log for 'touch -t ' command, no CWD, no PATH record

type=SYSCALL msg=audit(1503837757.149:266995): arch=c03e syscall=280 success=yes exit=0 a0=0 a1=0 a2=7fffbb26bb10 a3=0 items=0 ppid=101 pid=102 auid=1000 uid=0 gid=31 euid=0 suid=0 fsuid=0 egid=0 sgi