On Thu, Jan 16, 2014 at 8:40 AM, William Roberts
wrote:
> On Thu, Jan 16, 2014 at 7:11 AM, Steve Grubb wrote:
>> On Thursday, January 16, 2014 07:03:34 AM William Roberts wrote:
>>> On Thu, Jan 16, 2014 at 6:02 AM, Steve Grubb wrote:
>>> > On Wednesday, January 15, 2014 09:08:39 PM William
On Thursday, January 16, 2014 07:03:34 AM William Roberts wrote:
> On Thu, Jan 16, 2014 at 6:02 AM, Steve Grubb wrote:
> > On Wednesday, January 15, 2014 09:08:39 PM William Roberts wrote:
> >> >> > Try this,
> >> >> >
> >> >> > cp /bin/ls 'test test test'
> > >> >> > auditctl -a always,exit -F
On Thu, Jan 16, 2014 at 6:02 AM, Steve Grubb wrote:
> On Wednesday, January 15, 2014 09:08:39 PM William Roberts wrote:
>> >> > Try this,
>> >> >
>> >> > cp /bin/ls 'test test test'
>> >> > auditctl -a always,exit -F arch=b64 -S stat -k test
>> >> > ./test\ test\ test './test\ test\ test'
>> >>
On Wednesday, January 15, 2014 09:08:39 PM William Roberts wrote:
> >> > Try this,
> >> >
> >> > cp /bin/ls 'test test test'
> >> > auditctl -a always,exit -F arch=b64 -S stat -k test
> >> > ./test\ test\ test './test\ test\ test'
> >> > auditctl -D
> >> > ausearch --start recent --key test
> >>
On Wednesday, January 15, 2014 09:08:39 PM William Roberts wrote:
Try this,
cp /bin/ls 'test test test'
auditctl -a always,exit -F arch=b64 -S stat -k test
./test\ test\ test './test\ test\ test'
auditctl -D
ausearch --start recent --key test
On the event of weird
On Thu, Jan 16, 2014 at 6:02 AM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday, January 15, 2014 09:08:39 PM William Roberts wrote:
Try this,
cp /bin/ls 'test test test'
auditctl -a always,exit -F arch=b64 -S stat -k test
./test\ test\ test './test\ test\ test'
auditctl -D
On Thursday, January 16, 2014 07:03:34 AM William Roberts wrote:
On Thu, Jan 16, 2014 at 6:02 AM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday, January 15, 2014 09:08:39 PM William Roberts wrote:
Try this,
cp /bin/ls 'test test test'
auditctl -a always,exit -F arch=b64 -S
On Thu, Jan 16, 2014 at 8:40 AM, William Roberts
bill.c.robe...@gmail.com wrote:
On Thu, Jan 16, 2014 at 7:11 AM, Steve Grubb sgr...@redhat.com wrote:
On Thursday, January 16, 2014 07:03:34 AM William Roberts wrote:
On Thu, Jan 16, 2014 at 6:02 AM, Steve Grubb sgr...@redhat.com wrote:
On
On Wed, Jan 15, 2014 at 8:51 PM, Steve Grubb wrote:
> On Wednesday, January 15, 2014 05:44:29 PM William Roberts wrote:
>> On Wed, Jan 15, 2014 at 5:33 PM, Steve Grubb wrote:
>> > On Wednesday, January 15, 2014 05:08:13 PM William Roberts wrote:
>> >> On Wed, Jan 15, 2014 at 4:54 PM, Steve Grubb
On Wednesday, January 15, 2014 05:44:29 PM William Roberts wrote:
> On Wed, Jan 15, 2014 at 5:33 PM, Steve Grubb wrote:
> > On Wednesday, January 15, 2014 05:08:13 PM William Roberts wrote:
> >> On Wed, Jan 15, 2014 at 4:54 PM, Steve Grubb wrote:
> >> > On Wednesday, January 15, 2014 01:02:14 PM
On Wed, Jan 15, 2014 at 5:33 PM, Steve Grubb wrote:
> On Wednesday, January 15, 2014 05:08:13 PM William Roberts wrote:
>> On Wed, Jan 15, 2014 at 4:54 PM, Steve Grubb wrote:
>> > On Wednesday, January 15, 2014 01:02:14 PM William Roberts wrote:
>> >> During an audit event, cache and print the
On Wednesday, January 15, 2014 05:08:13 PM William Roberts wrote:
> On Wed, Jan 15, 2014 at 4:54 PM, Steve Grubb wrote:
> > On Wednesday, January 15, 2014 01:02:14 PM William Roberts wrote:
> >> During an audit event, cache and print the value of the process's
> >> cmdline value (proc/pid/cmdline).
On Wed, Jan 15, 2014 at 4:54 PM, Steve Grubb wrote:
> On Wednesday, January 15, 2014 01:02:14 PM William Roberts wrote:
>> During an audit event, cache and print the value of the process's
>> cmdline value (proc/pid/cmdline). This is useful in situations
>> where processes are started via fork'd
On Wednesday, January 15, 2014 01:02:14 PM William Roberts wrote:
> During an audit event, cache and print the value of the process's
> cmdline value (proc/pid/cmdline). This is useful in situations
> where processes are started via fork'd virtual machines where the
> comm field is incorrect. Often
During an audit event, cache and print the value of the process's
cmdline value (proc/pid/cmdline). This is useful in situations
where processes are started via fork'd virtual machines where the
comm field is incorrect. Often times, setting the comm field still
is insufficient as the comm width is
During an audit event, cache and print the value of the process's
cmdline value (proc/pid/cmdline). This is useful in situations
where processes are started via fork'd virtual machines where the
comm field is incorrect. Often times, setting the comm field still
is insufficient as the comm width is
On Wednesday, January 15, 2014 01:02:14 PM William Roberts wrote:
During an audit event, cache and print the value of the process's
cmdline value (proc/pid/cmdline). This is useful in situations
where processes are started via fork'd virtual machines where the
comm field is incorrect. Often
On Wed, Jan 15, 2014 at 4:54 PM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday, January 15, 2014 01:02:14 PM William Roberts wrote:
During an audit event, cache and print the value of the process's
cmdline value (proc/pid/cmdline). This is useful in situations
where processes are started
On Wednesday, January 15, 2014 05:08:13 PM William Roberts wrote:
On Wed, Jan 15, 2014 at 4:54 PM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday, January 15, 2014 01:02:14 PM William Roberts wrote:
During an audit event, cache and print the value of the process's
cmdline value
On Wed, Jan 15, 2014 at 5:33 PM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday, January 15, 2014 05:08:13 PM William Roberts wrote:
On Wed, Jan 15, 2014 at 4:54 PM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday, January 15, 2014 01:02:14 PM William Roberts wrote:
During an audit
On Wednesday, January 15, 2014 05:44:29 PM William Roberts wrote:
On Wed, Jan 15, 2014 at 5:33 PM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday, January 15, 2014 05:08:13 PM William Roberts wrote:
On Wed, Jan 15, 2014 at 4:54 PM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday,
On Wed, Jan 15, 2014 at 8:51 PM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday, January 15, 2014 05:44:29 PM William Roberts wrote:
On Wed, Jan 15, 2014 at 5:33 PM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday, January 15, 2014 05:08:13 PM William Roberts wrote:
On Wed, Jan 15, 2014
On Mon, Jan 13, 2014 at 12:02 PM, William Roberts
wrote:
> During an audit event, cache and print the value of the process's
> cmdline value (proc/pid/cmdline). This is useful in situations
> where processes are started via fork'd virtual machines where the
> comm field is incorrect. Often times,
During an audit event, cache and print the value of the process's
cmdline value (proc/pid/cmdline). This is useful in situations
where processes are started via fork'd virtual machines where the
comm field is incorrect. Often times, setting the comm field still
is insufficient as the comm width is
During an audit event, cache and print the value of the process's
cmdline value (proc/pid/cmdline). This is useful in situations
where processes are started via fork'd virtual machines where the
comm field is incorrect. Often times, setting the comm field still
is insufficient as the comm width is
On Mon, Jan 13, 2014 at 12:02 PM, William Roberts
bill.c.robe...@gmail.com wrote:
During an audit event, cache and print the value of the process's
cmdline value (proc/pid/cmdline). This is useful in situations
where processes are started via fork'd virtual machines where the
comm field is
26 matches