Example: /var/log/audit/audit.log :
type=DAEMON_START msg=audit(1189451486.028:5177) auditd start, ver=1.5.4, format=raw, auid=4294967295 pid=3838 res=success, auditd pid=3838
type=CONFIG_CHANGE msg=audit(1189451486.195:10): audit_enabled=1 old=0 by auid=4294967295 res=1
type=CONFIG_CHANGE msg=audit(1189451486.195:11): audit_backlog_limit=320 old=64 by auid=4294967295 res=1

/var/log/kern.log:
Sep 10 15:11:26 gutsy-server kernel: [16032.940265] audit(1189451484.195:3): operation="file_mmap" requested_mask="mr" denied_mask="m" name="/etc/passwd" pid=3808 profile="/sbin/syslogd"
Sep 10 15:11:26 gutsy-server kernel: [16032.951959] audit(1189451484.195:4): operation="file_lock" requested_mask="k" denied_mask="k" name="/var/run/syslogd.pid" pid=3809 profile="/sbin/syslogd"
Sep 10 15:11:26 gutsy-server kernel: [16032.959242] audit(1189451484.195:5): operation="file_lock" requested_mask="k" denied_mask="k" name="/var/run/syslogd.pid" pid=3809 profile="/sbin/syslogd"
Sep 10 15:11:26 gutsy-server kernel: [16032.999285] process `syslogd' is using obsolete setsockopt SO_BSDCOMPAT
Sep 10 15:11:26 gutsy-server kernel: [16033.010586] audit(1189451484.195:6): operation="file_mmap" requested_mask="mr" denied_mask="m" name="/etc/group" pid=3809 profile="/sbin/syslogd"
Sep 10 15:11:26 gutsy-server kernel: [16033.011228] audit(1189451484.195:7): operation="capable" name="setgid" pid=3809 profile="/sbin/syslogd"
Sep 10 15:11:26 gutsy-server kernel: [16033.011303] audit(1189451484.195:8): operation="capable" name="setuid" pid=3809 profile="/sbin/syslogd"
Sep 10 15:11:26 gutsy-server kernel: [16034.511066] audit(1189451485.695:9): audit_pid=3838 old=0 by auid=4294967295

--
auditd is enabled too late in the boot process
https://bugs.launchpad.net/bugs/138737
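Added example, not part of the bug report or of any Ubuntu tool: a Python check that lists kernel audit records in kern.log stamped before the DAEMON_START record in audit.log. It assumes such records never reached audit.log; the function names are hypothetical and the sample input is a subset of the lines quoted above.

```python
import re
from decimal import Decimal

# Sample input: a subset of the log lines quoted in the report above.
AUDIT_LOG = """\
type=DAEMON_START msg=audit(1189451486.028:5177) auditd start, ver=1.5.4, format=raw, auid=4294967295 pid=3838 res=success, auditd pid=3838
type=CONFIG_CHANGE msg=audit(1189451486.195:10): audit_enabled=1 old=0 by auid=4294967295 res=1
"""
KERN_LOG = """\
Sep 10 15:11:26 gutsy-server kernel: [16032.940265] audit(1189451484.195:3): operation="file_mmap" requested_mask="mr" denied_mask="m" name="/etc/passwd" pid=3808 profile="/sbin/syslogd"
Sep 10 15:11:26 gutsy-server kernel: [16032.999285] process `syslogd' is using obsolete setsockopt SO_BSDCOMPAT
Sep 10 15:11:26 gutsy-server kernel: [16033.011228] audit(1189451484.195:7): operation="capable" name="setgid" pid=3809 profile="/sbin/syslogd"
Sep 10 15:11:26 gutsy-server kernel: [16034.511066] audit(1189451485.695:9): audit_pid=3838 old=0 by auid=4294967295
"""

STAMP = re.compile(r'audit\((\d+)\.(\d+):(\d+)\)')   # audit(epoch.millis:serial)
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')     # key="quoted" or key=bare


def daemon_start(audit_log):
    """Return the timestamp of the first DAEMON_START record, or None."""
    for line in audit_log.splitlines():
        m = STAMP.search(line)
        if m and line.startswith("type=DAEMON_START"):
            return Decimal(f"{m.group(1)}.{m.group(2)}")
    return None


def events_before_auditd(kern_log, audit_log):
    """Kernel audit records stamped before auditd started (assumed absent from audit.log)."""
    start = daemon_start(audit_log)
    missed = []
    for line in kern_log.splitlines():
        m = STAMP.search(line)
        if not m:
            continue  # ordinary kernel message, not an audit record
        ts = Decimal(f"{m.group(1)}.{m.group(2)}")
        if start is None or ts < start:
            fields = {k: q or u for k, q, u in FIELD.findall(line[m.end():])}
            gap = start - ts if start is not None else None
            missed.append({"serial": int(m.group(3)), "gap": gap, **fields})
    return missed


if __name__ == "__main__":
    for ev in events_before_auditd(KERN_LOG, AUDIT_LOG):
        print(ev["serial"], f"{ev['gap']}s before auditd", ev.get("operation", "-"), ev.get("name", "-"))
```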
