On Fri, 6 Sep 2019 at 17:41, Andrew Cagney <[email protected]> wrote:
>
>
> On Fri, 6 Sep 2019 at 16:29, Paul Wouters <[email protected]> wrote:
>
>> Although then perhaps you should check pluto.log too ? But that would
>> likely give false positives too ?
>>
>>
> It's checking pluto.log (that wasn't changed). I don't think that will
> generate false positives.
> If we can figure out a way to create a DN containing crud, we might want
> to also check the log file for !isprint().
>
>

Tweaking things to check the sanitized output didn't help much.
Flipping things on their head, other than the audit tests/machines is there any reason to be running audit?

> Sent from mobile device
>>
>> On Sep 6, 2019, at 16:24, Andrew Cagney <[email protected]> wrote:
>>
>>
>>
>> On Thu, 5 Sep 2019 at 10:52, Paul Wouters <[email protected]> wrote:
>>
>>> On Wed, 4 Sep 2019, Andrew Cagney wrote:
>>>
>>> > Look in nic.console.verbose.txt
>>> >
>>> > type=SYSCALL msg=audit(1567646808.958:61): arch=c000003e syscall=165
>>> success=yes exit=0 a0=0 a1=55cef7279d60 a2=0 a3=1031 items=1 ppid=1 pid=486
>>> auid=429496729
>>> > 5 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
>>>
>>> Should it not only trigger for the console.txt's? instead of looking at
>>> the verbose console.txt's? If it did that, we could add a sanitizer to
>>> strip out: tty=(none)
>>>
>>>
>> I'll try this - nic's sanitized output already looks pretty empty.
>>
>>
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
