Re: SIGXCPU and Auditd
The audit system does log the core dump signals. It was a misunderstanding on my part that led me to believe that audit does not log SIGXCPU. Sorry for the confusion.

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
Re: SIGXCPU and Auditd
On Tuesday, November 05, 2013 07:16:21 PM Paul Davies C wrote:
> In the man page it is written that *core dump on SIGXCPU can fail*.
> That is probably the reason why it is not logged.

I think we would want the event even if the core dump failed. Maybe the hook placement needs review? It's probably been 5 years since it was put in the kernel...that's a lot of time for things to change.

-Steve
Re: SIGXCPU and Auditd
In the man page it is written that *core dump on SIGXCPU can fail*. That is probably the reason why it is not logged.
Re: SIGXCPU and Auditd
On Tuesday, November 05, 2013 06:39:04 PM Paul Davies C wrote:
> Hi,
>
> Is there any way to make the *auditd system log the SIGXCPU signal*?
> As of now, without writing any specific rules, SIGSEGV is getting
> logged. In my log I found lines as below:
>
> type=ANOM_ABEND msg=audit(1383644379.989:88): auid=1000 uid=1000 gid=1000 ses=5 pid=2688 comm="chrome" reason="memory violation" sig=11

The ABnormal END event is triggered by any event that would be terminated by the kernel with a core dump. Looking at the signal(7) man page, SIGXCPU by default would core. So, it should trigger an event. I don't have a test case to prove it, though.

Steve
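A test case of the kind the message above says was missing, added here as an example and not part of the original thread: it forks a child, gives it a CPU-time limit, and lets the default SIGXCPU action terminate it so the audit log can be checked for a matching ANOM_ABEND record. The function name `run_sigxcpu_child` and the one-second limit are assumptions made for the example.

```c
/* Constructed test case: end a child process with the default SIGXCPU action. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that exhausts a 1-second soft CPU limit (assumed value).
 * Returns the signal that killed the child, 0 if it exited normally,
 * -1 on error. child_pid (may be NULL) receives the pid to search for. */
int run_sigxcpu_child(pid_t *child_pid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        struct rlimit rl;
        signal(SIGXCPU, SIG_DFL);          /* undo any inherited SIG_IGN */
        if (getrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(2);
        rl.rlim_cur = 1;                   /* soft limit only; hard limit unchanged */
        if (setrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(2);
        volatile unsigned long spin = 0;   /* burn CPU until the kernel signals us */
        for (;;)
            spin++;
    }

    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (child_pid)
        *child_pid = pid;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    pid_t pid = 0;
    int sig = run_sigxcpu_child(&pid);
    printf("child pid=%d ended by signal %d (SIGXCPU is %d)\n",
           (int)pid, sig, SIGXCPU);
    printf("check with: ausearch -m ANOM_ABEND -p %d\n", (int)pid);
    return sig == SIGXCPU ? 0 : 1;
}
```

Run it on a host with auditd active, then search the audit log for the printed pid; the `sig=` field of any ANOM_ABEND record should carry the numeric value of SIGXCPU on that platform.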
SIGXCPU and Auditd
Hi,

Is there any way to make the *auditd system log the SIGXCPU signal*? As of now, without writing any specific rules, SIGSEGV is getting logged. In my log I found lines as below:

type=ANOM_ABEND msg=audit(1383644379.989:88): auid=1000 uid=1000 gid=1000 ses=5 pid=2688 comm="chrome" reason="memory violation" sig=11