On Sat, Jul 21, 2012 at 6:48 PM, Michael Mather <[email protected]> wrote:
> Hi,
>
> I enter the command "sudo cp qwerty /etc/xxx"
> and get the reply: "cp: cannot stat `qwerty': No such file or directory."
>
> A number of log entries are written. The last two are, in part:
>
> type=SYSCALL success=yes
> type=EXECVE argc=3 a0="cp" a1="qwerty" a2="/etc/xxx"
>
> My problem is with "success=yes".

What's the actual syscall and what's the actual rule that's triggering the entry?

> What is happening?
>
> Thanks - Michael Mather
> -----------------------
>
> --
> Linux-audit mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/linux-audit

--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038
