~ubuntu-branches/ubuntu/maverick/audit/maverick

Viewing changes to auparse/test/auparse_test.ref

Committer: Bazaar Package Importer
Author(s): Mathias Gug
Date: 2007-06-29 13:05:14 UTC
mfrom: (1.1.1 upstream)
Revision ID: james.westby@ubuntu.com-20070629130514-z798cz4lebiahj5w

Tags: 1.5.4-0ubuntu1

* New upstream version.
* debian/patches/audit-1.5.1-dist.patch:
  * update so that it applies for 1.5.4.
* debian/control:
  * update Maintainer and XSBC-Original-Maintainer fields.
* debian/rules:
  * enable apparmor support: add --with-apparmor to configure options.

files added:
auparse/data_buf.c

auparse/data_buf.h

auparse/test/Makefile.am

auparse/test/Makefile.in

auparse/test/auparse_test.ref

auparse/test/tmp

auparse/test/tmp1

auparse/test/tmp2

docs/auparse_add_callback.3

docs/auparse_feed.3

docs/auparse_flush_feed.3

docs/auparse_get_filename.3

docs/auparse_get_line_number.3

init.d/audispd.conf

new_audispd

new_audispd/Makefile.am

new_audispd/audispd-builtins.c

new_audispd/audispd-builtins.h

new_audispd/audispd-config.c

new_audispd/audispd-config.h

new_audispd/audispd-llist.c

new_audispd/audispd-llist.h

new_audispd/audispd-pconfig.c

new_audispd/audispd-pconfig.h

new_audispd/audispd.c

new_audispd/configs

new_audispd/configs/Makefile.am

new_audispd/configs/af_unix.conf

new_audispd/configs/syslog.conf

new_audispd/queue.c

new_audispd/queue.h

files removed:
auparse/test/Makefile

files modified:
ChangeLog

THANKS

TODO

audit.spec

auparse/Makefile.am

auparse/auparse-defs.h

auparse/auparse.c

auparse/auparse.h

auparse/ellist.c

auparse/ellist.h

auparse/internal.h

auparse/rnode.h

auparse/test/auparse_test.c

auparse/test/auparse_test.py

auparse/typetab.h

bindings/python/auparse_python.c

config.guess

configure.ac

contrib/skeleton.c

debian/changelog

debian/control

debian/patches/audit-1.5.1-dist.patch

debian/rules

docs/Makefile.am

docs/auditctl.8

docs/auparse_init.3

docs/ausearch.8

init.d/Makefile.am

lib/audit_logging.c

lib/deprecated.c

lib/fieldtab.h

lib/libaudit.c

lib/libaudit.h

lib/msg_typetab.h

src/auditctl.c

src/auditd-config.c

src/aureport-options.c

src/aureport-output.c

src/ausearch-parse.c

swig/auditswig.i

Show diffs side-by-side

added added

removed removed

auparse/test/auparse_test.ref

Starting Test 1, iterate...

auid=4294967295

interp auid=unset

auid=48

interp auid=apache

auid=48

interp auid=apache

Test 1 Done

Starting Test 2, walk events, records, and fields...

event 1 has 1 records

record 1 of type 1006(LOGIN) has 5 fields

line=1 file=None

event time: 1143146623.787:142

type=LOGIN (LOGIN)

pid=2027 (2027)

uid=0 (root)

auid=4294967295 (unset)

auid=48 (apache)

event 2 has 1 records

record 1 of type 1300(SYSCALL) has 24 fields

line=2 file=None

event time: 1143146623.875:143

type=SYSCALL (SYSCALL)

arch=c000003e (x86_64)

syscall=188 (setxattr)

success=yes (yes)

exit=0 (0)

a0=7fffffa9a9f0 (7fffffa9a9f0)

a1=3958d11333 (3958d11333)

a2=5131f0 (5131f0)

a3=20 (20)

items=1 (1)

pid=2027 (2027)

auid=48 (apache)

uid=0 (root)

gid=0 (root)

euid=0 (root)

suid=0 (root)

fsuid=0 (root)

egid=0 (root)

sgid=0 (root)

fsgid=0 (root)

tty=tty3 (tty3)

comm="login" (login)

exe="/bin/login" (/bin/login)

subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255)

event 3 has 1 records

record 1 of type 1112(USER_LOGIN) has 10 fields

line=3 file=None

event time: 1143146623.879:146

type=USER_LOGIN (USER_LOGIN)

pid=2027 (2027)

uid=0 (root)

auid=48 (apache)

uid=48 (apache)

exe="/bin/login" (/bin/login)

hostname=? (?)

addr=? (?)

terminal=tty3 (tty3)

res=success (success)

Test 2 Done

Starting Test 3, walk events, records of 1 buffer...

event has 1 records

record 1 of type 1112(USER_LOGIN) has 10 fields

line=1 file=None

event time: 1143146623.879:146

Test 3 Done

Starting Test 4, walk events, records of 1 file...

event 1 has 4 records

record 1 of type 1400(AVC) has 11 fields

line=1 file=./test.log

event time: 1170021493.977:293

type=AVC (AVC)

seresult=denied (denied)

seperms=read,write (read,write)

pid=13010 (13010)

comm="pickup" (pickup)

name="maildrop" (maildrop)

dev=hda7 (hda7)

ino=14911367 (14911367)

scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

tclass=dir (dir)

record 2 of type 1300(SYSCALL) has 26 fields

line=2 file=./test.log

event time: 1170021493.977:293

type=SYSCALL (SYSCALL)

arch=c000003e (x86_64)

syscall=2 (open)

success=no (no)

exit=-13 (-13(Permission denied))

100

a0=5555665d91b0 (5555665d91b0)

101

a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)

102

a2=5555665d91b8 (5555665d91b8)

103

a3=0 (0)

104

items=1 (1)

105

ppid=2013 (2013)

106

pid=13010 (13010)

107

auid=4294967295 (unset)

108

uid=89 (unknown(89))

109

gid=89 (unknown(89))

110

euid=89 (unknown(89))

111

suid=89 (unknown(89))

112

fsuid=89 (unknown(89))

113

egid=89 (unknown(89))

114

sgid=89 (unknown(89))

115

fsgid=89 (unknown(89))

116

tty=(none) ((none))

117

comm="pickup" (pickup)

118

exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)

119

subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

120

key=(null) ((null))

121

122

record 3 of type 1307(CWD) has 2 fields

123

line=3 file=./test.log

124

event time: 1170021493.977:293

125

type=CWD (CWD)

126

cwd="/var/spool/postfix" (/var/spool/postfix)

127

128

record 4 of type 1302(PATH) has 10 fields

129

line=4 file=./test.log

130

event time: 1170021493.977:293

131

type=PATH (PATH)

132

item=0 (0)

133

name="maildrop" (maildrop)

134

inode=14911367 (14911367)

135

dev=03:07 (03:07)

136

mode=040730 (dir, 730)

137

ouid=89 (unknown(89))

138

ogid=90 (unknown(90))

139

rdev=00:00 (00:00)

140

obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

141

142

event 2 has 1 records

143

record 1 of type 1101(USER_ACCT) has 11 fields

144

line=5 file=./test.log

145

event time: 1170021601.340:294

146

type=USER_ACCT (USER_ACCT)

147

pid=13015 (13015)

148

uid=0 (root)

149

auid=4294967295 (unset)

150

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

151

acct=root (root)

152

exe="/usr/sbin/crond" (/usr/sbin/crond)

153

hostname=? (?)

154

addr=? (?)

155

terminal=cron (cron)

156

res=success (success)

157

158

event 3 has 1 records

159

record 1 of type 1103(CRED_ACQ) has 11 fields

160

line=6 file=./test.log

161

event time: 1170021601.342:295

162

type=CRED_ACQ (CRED_ACQ)

163

pid=13015 (13015)

164

uid=0 (root)

165

auid=4294967295 (unset)

166

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

167

acct=root (root)

168

exe="/usr/sbin/crond" (/usr/sbin/crond)

169

hostname=? (?)

170

addr=? (?)

171

terminal=cron (cron)

172

res=success (success)

173

174

event 4 has 1 records

175

record 1 of type 1006(LOGIN) has 5 fields

176

line=7 file=./test.log

177

event time: 1170021601.343:296

178

type=LOGIN (LOGIN)

179

pid=13015 (13015)

180

uid=0 (root)

181

auid=4294967295 (unset)

182

auid=0 (root)

183

184

event 5 has 1 records

185

record 1 of type 1105(USER_START) has 11 fields

186

line=8 file=./test.log

187

event time: 1170021601.344:297

188

type=USER_START (USER_START)

189

pid=13015 (13015)

190

uid=0 (root)

191

auid=0 (root)

192

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

193

acct=root (root)

194

exe="/usr/sbin/crond" (/usr/sbin/crond)

195

hostname=? (?)

196

addr=? (?)

197

terminal=cron (cron)

198

res=success (success)

199

200

event 6 has 1 records

201

record 1 of type 1104(CRED_DISP) has 11 fields

202

line=9 file=./test.log

203

event time: 1170021601.364:298

204

type=CRED_DISP (CRED_DISP)

205

pid=13015 (13015)

206

uid=0 (root)

207

auid=0 (root)

208

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

209

acct=root (root)

210

exe="/usr/sbin/crond" (/usr/sbin/crond)

211

hostname=? (?)

212

addr=? (?)

213

terminal=cron (cron)

214

res=success (success)

215

216

event 7 has 1 records

217

record 1 of type 1106(USER_END) has 11 fields

218

line=10 file=./test.log

219

event time: 1170021601.366:299

220

type=USER_END (USER_END)

221

pid=13015 (13015)

222

uid=0 (root)

223

auid=0 (root)

224

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

225

acct=root (root)

226

exe="/usr/sbin/crond" (/usr/sbin/crond)

227

hostname=? (?)

228

addr=? (?)

229

terminal=cron (cron)

230

res=success (success)

231

232

Test 4 Done

233

234

Starting Test 5, walk events, records of 2 files...

235

event 1 has 4 records

236

record 1 of type 1400(AVC) has 11 fields

237

line=1 file=test.log

238

event time: 1170021493.977:293

239

type=AVC (AVC)

240

seresult=denied (denied)

241

seperms=read,write (read,write)

242

pid=13010 (13010)

243

comm="pickup" (pickup)

244

name="maildrop" (maildrop)

245

dev=hda7 (hda7)

246

ino=14911367 (14911367)

247

scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

248

tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

249

tclass=dir (dir)

250

251

record 2 of type 1300(SYSCALL) has 26 fields

252

line=2 file=test.log

253

event time: 1170021493.977:293

254

type=SYSCALL (SYSCALL)

255

arch=c000003e (x86_64)

256

syscall=2 (open)

257

success=no (no)

258

exit=-13 (-13(Permission denied))

259

a0=5555665d91b0 (5555665d91b0)

260

a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)

261

a2=5555665d91b8 (5555665d91b8)

262

a3=0 (0)

263

items=1 (1)

264

ppid=2013 (2013)

265

pid=13010 (13010)

266

auid=4294967295 (unset)

267

uid=89 (unknown(89))

268

gid=89 (unknown(89))

269

euid=89 (unknown(89))

270

suid=89 (unknown(89))

271

fsuid=89 (unknown(89))

272

egid=89 (unknown(89))

273

sgid=89 (unknown(89))

274

fsgid=89 (unknown(89))

275

tty=(none) ((none))

276

comm="pickup" (pickup)

277

exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)

278

subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

279

key=(null) ((null))

280

281

record 3 of type 1307(CWD) has 2 fields

282

line=3 file=test.log

283

event time: 1170021493.977:293

284

type=CWD (CWD)

285

cwd="/var/spool/postfix" (/var/spool/postfix)

286

287

record 4 of type 1302(PATH) has 10 fields

288

line=4 file=test.log

289

event time: 1170021493.977:293

290

type=PATH (PATH)

291

item=0 (0)

292

name="maildrop" (maildrop)

293

inode=14911367 (14911367)

294

dev=03:07 (03:07)

295

mode=040730 (dir, 730)

296

ouid=89 (unknown(89))

297

ogid=90 (unknown(90))

298

rdev=00:00 (00:00)

299

obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

300

301

event 2 has 1 records

302

record 1 of type 1101(USER_ACCT) has 11 fields

303

line=5 file=test.log

304

event time: 1170021601.340:294

305

type=USER_ACCT (USER_ACCT)

306

pid=13015 (13015)

307

uid=0 (root)

308

auid=4294967295 (unset)

309

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

310

acct=root (root)

311

exe="/usr/sbin/crond" (/usr/sbin/crond)

312

hostname=? (?)

313

addr=? (?)

314

terminal=cron (cron)

315

res=success (success)

316

317

event 3 has 1 records

318

record 1 of type 1103(CRED_ACQ) has 11 fields

319

line=6 file=test.log

320

event time: 1170021601.342:295

321

type=CRED_ACQ (CRED_ACQ)

322

pid=13015 (13015)

323

uid=0 (root)

324

auid=4294967295 (unset)

325

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

326

acct=root (root)

327

exe="/usr/sbin/crond" (/usr/sbin/crond)

328

hostname=? (?)

329

addr=? (?)

330

terminal=cron (cron)

331

res=success (success)

332

333

event 4 has 1 records

334

record 1 of type 1006(LOGIN) has 5 fields

335

line=7 file=test.log

336

event time: 1170021601.343:296

337

type=LOGIN (LOGIN)

338

pid=13015 (13015)

339

uid=0 (root)

340

auid=4294967295 (unset)

341

auid=0 (root)

342

343

event 5 has 1 records

344

record 1 of type 1105(USER_START) has 11 fields

345

line=8 file=test.log

346

event time: 1170021601.344:297

347

type=USER_START (USER_START)

348

pid=13015 (13015)

349

uid=0 (root)

350

auid=0 (root)

351

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

352

acct=root (root)

353

exe="/usr/sbin/crond" (/usr/sbin/crond)

354

hostname=? (?)

355

addr=? (?)

356

terminal=cron (cron)

357

res=success (success)

358

359

event 6 has 1 records

360

record 1 of type 1104(CRED_DISP) has 11 fields

361

line=9 file=test.log

362

event time: 1170021601.364:298

363

type=CRED_DISP (CRED_DISP)

364

pid=13015 (13015)

365

uid=0 (root)

366

auid=0 (root)

367

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

368

acct=root (root)

369

exe="/usr/sbin/crond" (/usr/sbin/crond)

370

hostname=? (?)

371

addr=? (?)

372

terminal=cron (cron)

373

res=success (success)

374

375

event 7 has 1 records

376

record 1 of type 1106(USER_END) has 11 fields

377

line=10 file=test.log

378

event time: 1170021601.366:299

379

type=USER_END (USER_END)

380

pid=13015 (13015)

381

uid=0 (root)

382

auid=0 (root)

383

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

384

acct=root (root)

385

exe="/usr/sbin/crond" (/usr/sbin/crond)

386

hostname=? (?)

387

addr=? (?)

388

terminal=cron (cron)

389

res=success (success)

390

391

event 8 has 4 records

392

record 1 of type 1400(AVC) has 11 fields

393

line=1 file=test2.log

394

event time: 1170021493.977:293

395

type=AVC (AVC)

396

seresult=denied (denied)

397

seperms=read (read)

398

pid=13010 (13010)

399

comm="pickup" (pickup)

400

name="maildrop" (maildrop)

401

dev=hda7 (hda7)

402

ino=14911367 (14911367)

403

scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

404

tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

405

tclass=dir (dir)

406

407

record 2 of type 1300(SYSCALL) has 26 fields

408

line=2 file=test2.log

409

event time: 1170021493.977:293

410

type=SYSCALL (SYSCALL)

411

arch=c000003e (x86_64)

412

syscall=2 (open)

413

success=no (no)

414

exit=-13 (-13(Permission denied))

415

a0=5555665d91b0 (5555665d91b0)

416

a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)

417

a2=5555665d91b8 (5555665d91b8)

418

a3=0 (0)

419

items=1 (1)

420

ppid=2013 (2013)

421

pid=13010 (13010)

422

auid=4294967295 (unset)

423

uid=89 (unknown(89))

424

gid=89 (unknown(89))

425

euid=89 (unknown(89))

426

suid=89 (unknown(89))

427

fsuid=89 (unknown(89))

428

egid=89 (unknown(89))

429

sgid=89 (unknown(89))

430

fsgid=89 (unknown(89))

431

tty=(none) ((none))

432

comm="pickup" (pickup)

433

exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)

434

subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

435

key=(null) ((null))

436

437

record 3 of type 1307(CWD) has 2 fields

438

line=3 file=test2.log

439

event time: 1170021493.977:293

440

type=CWD (CWD)

441

cwd="/var/spool/postfix" (/var/spool/postfix)

442

443

record 4 of type 1302(PATH) has 10 fields

444

line=4 file=test2.log

445

event time: 1170021493.977:293

446

type=PATH (PATH)

447

item=0 (0)

448

name="maildrop" (maildrop)

449

inode=14911367 (14911367)

450

dev=03:07 (03:07)

451

mode=040730 (dir, 730)

452

ouid=89 (unknown(89))

453

ogid=90 (unknown(90))

454

rdev=00:00 (00:00)

455

obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

456

457

event 9 has 1 records

458

record 1 of type 1101(USER_ACCT) has 11 fields

459

line=5 file=test2.log

460

event time: 1170021601.340:294

461

type=USER_ACCT (USER_ACCT)

462

pid=13015 (13015)

463

uid=0 (root)

464

auid=4294967295 (unset)

465

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

466

acct=root (root)

467

exe="/usr/sbin/crond" (/usr/sbin/crond)

468

hostname=? (?)

469

addr=? (?)

470

terminal=cron (cron)

471

res=success (success)

472

473

event 10 has 1 records

474

record 1 of type 1103(CRED_ACQ) has 11 fields

475

line=6 file=test2.log

476

event time: 1170021601.342:295

477

type=CRED_ACQ (CRED_ACQ)

478

pid=13015 (13015)

479

uid=0 (root)

480

auid=4294967295 (unset)

481

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

482

acct=root (root)

483

exe="/usr/sbin/crond" (/usr/sbin/crond)

484

hostname=? (?)

485

addr=? (?)

486

terminal=cron (cron)

487

res=success (success)

488

489

event 11 has 1 records

490

record 1 of type 1006(LOGIN) has 5 fields

491

line=7 file=test2.log

492

event time: 1170021601.343:296

493

type=LOGIN (LOGIN)

494

pid=13015 (13015)

495

uid=0 (root)

496

auid=4294967295 (unset)

497

auid=0 (root)

498

499

event 12 has 1 records

500

record 1 of type 1105(USER_START) has 11 fields

501

line=8 file=test2.log

502

event time: 1170021601.344:297

503

type=USER_START (USER_START)

504

pid=13015 (13015)

505

uid=0 (root)

506

auid=0 (root)

507

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

508

acct=root (root)

509

exe="/usr/sbin/crond" (/usr/sbin/crond)

510

hostname=? (?)

511

addr=? (?)

512

terminal=cron (cron)

513

res=success (success)

514

515

event 13 has 1 records

516

record 1 of type 1104(CRED_DISP) has 11 fields

517

line=9 file=test2.log

518

event time: 1170021601.364:298

519

type=CRED_DISP (CRED_DISP)

520

pid=13015 (13015)

521

uid=0 (root)

522

auid=0 (root)

523

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

524

acct=root (root)

525

exe="/usr/sbin/crond" (/usr/sbin/crond)

526

hostname=? (?)

527

addr=? (?)

528

terminal=cron (cron)

529

res=success (success)

530

531

event 14 has 1 records

532

record 1 of type 1106(USER_END) has 11 fields

533

line=10 file=test2.log

534

event time: 1170021601.366:299

535

type=USER_END (USER_END)

536

pid=13015 (13015)

537

uid=0 (root)

538

auid=0 (root)

539

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

540

acct=root (root)

541

exe="/usr/sbin/crond" (/usr/sbin/crond)

542

hostname=? (?)

543

addr=? (?)

544

terminal=cron (cron)

545

res=success (success)

546

547

Test 5 Done

548

549

Starting Test 6, search...

550

auid = 500 not found...which is correct

551

auid exists...which is correct

552

Testing BUFFER_ARRAY, stop on field

553

Found auid = 48

554

Testing BUFFER_ARRAY, stop on record

555

Found type = SYSCALL

556

Testing BUFFER_ARRAY, stop on event

557

Found type = SYSCALL

558

Testing test.log, stop on field

559

Found auid = 4294967295

560

Testing test.log, stop on record

561

Found type = SYSCALL

562

Testing test.log, stop on event

563

Found type = AVC

564

Test 6 Done

565

566

Starting Test 7, compound search...

567

Found type = USER_START

568

Found auid = 0

569

Test 7 Done

570

571

Starting Test 8, buffer feed...

572

event 1 has 1 records

573

record 1 of type 1006(LOGIN) has 5 fields

574

line=1 file=None

575

event time: 1143146623.787:142

576

type=LOGIN (LOGIN)

577

pid=2027 (2027)

578

uid=0 (root)

579

auid=4294967295 (unset)

580

auid=48 (apache)

581

582

event 2 has 1 records

583

record 1 of type 1300(SYSCALL) has 24 fields

584

line=2 file=None

585

event time: 1143146623.875:143

586

type=SYSCALL (SYSCALL)

587

arch=c000003e (x86_64)

588

syscall=188 (setxattr)

589

success=yes (yes)

590

exit=0 (0)

591

a0=7fffffa9a9f0 (7fffffa9a9f0)

592

a1=3958d11333 (3958d11333)

593

a2=5131f0 (5131f0)

594

a3=20 (20)

595

items=1 (1)

596

pid=2027 (2027)

597

auid=48 (apache)

598

uid=0 (root)

599

gid=0 (root)

600

euid=0 (root)

601

suid=0 (root)

602

fsuid=0 (root)

603

egid=0 (root)

604

sgid=0 (root)

605

fsgid=0 (root)

606

tty=tty3 (tty3)

607

comm="login" (login)

608

exe="/bin/login" (/bin/login)

609

subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255)

610

611

event 3 has 1 records

612

record 1 of type 1112(USER_LOGIN) has 10 fields

613

line=3 file=None

614

event time: 1143146623.879:146

615

type=USER_LOGIN (USER_LOGIN)

616

pid=2027 (2027)

617

uid=0 (root)

618

auid=48 (apache)

619

uid=48 (apache)

620

exe="/bin/login" (/bin/login)

621

hostname=? (?)

622

addr=? (?)

623

terminal=tty3 (tty3)

624

res=success (success)

625

626

Test 8 Done

627

628

Starting Test 9, file feed...

629

event 1 has 4 records

630

record 1 of type 1400(AVC) has 11 fields

631

line=1 file=None

632

event time: 1170021493.977:293

633

type=AVC (AVC)

634

seresult=denied (denied)

635

seperms=read,write (read,write)

636

pid=13010 (13010)

637

comm="pickup" (pickup)

638

name="maildrop" (maildrop)

639

dev=hda7 (hda7)

640

ino=14911367 (14911367)

641

scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

642

tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

643

tclass=dir (dir)

644

645

record 2 of type 1300(SYSCALL) has 26 fields

646

line=2 file=None

647

event time: 1170021493.977:293

648

type=SYSCALL (SYSCALL)

649

arch=c000003e (x86_64)

650

syscall=2 (open)

651

success=no (no)

652

exit=-13 (-13(Permission denied))

653

a0=5555665d91b0 (5555665d91b0)

654

a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)

655

a2=5555665d91b8 (5555665d91b8)

656

a3=0 (0)

657

items=1 (1)

658

ppid=2013 (2013)

659

pid=13010 (13010)

660

auid=4294967295 (unset)

661

uid=89 (unknown(89))

662

gid=89 (unknown(89))

663

euid=89 (unknown(89))

664

suid=89 (unknown(89))

665

fsuid=89 (unknown(89))

666

egid=89 (unknown(89))

667

sgid=89 (unknown(89))

668

fsgid=89 (unknown(89))

669

tty=(none) ((none))

670

comm="pickup" (pickup)

671

exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)

672

subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

673

key=(null) ((null))

674

675

record 3 of type 1307(CWD) has 2 fields

676

line=3 file=None

677

event time: 1170021493.977:293

678

type=CWD (CWD)

679

cwd="/var/spool/postfix" (/var/spool/postfix)

680

681

record 4 of type 1302(PATH) has 10 fields

682

line=4 file=None

683

event time: 1170021493.977:293

684

type=PATH (PATH)

685

item=0 (0)

686

name="maildrop" (maildrop)

687

inode=14911367 (14911367)

688

dev=03:07 (03:07)

689

mode=040730 (dir, 730)

690

ouid=89 (unknown(89))

691

ogid=90 (unknown(90))

692

rdev=00:00 (00:00)

693

obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

694

695

event 2 has 1 records

696

record 1 of type 1101(USER_ACCT) has 11 fields

697

line=5 file=None

698

event time: 1170021601.340:294

699

type=USER_ACCT (USER_ACCT)

700

pid=13015 (13015)

701

uid=0 (root)

702

auid=4294967295 (unset)

703

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

704

acct=root (root)

705

exe="/usr/sbin/crond" (/usr/sbin/crond)

706

hostname=? (?)

707

addr=? (?)

708

terminal=cron (cron)

709

res=success (success)

710

711

event 3 has 1 records

712

record 1 of type 1103(CRED_ACQ) has 11 fields

713

line=6 file=None

714

event time: 1170021601.342:295

715

type=CRED_ACQ (CRED_ACQ)

716

pid=13015 (13015)

717

uid=0 (root)

718

auid=4294967295 (unset)

719

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

720

acct=root (root)

721

exe="/usr/sbin/crond" (/usr/sbin/crond)

722

hostname=? (?)

723

addr=? (?)

724

terminal=cron (cron)

725

res=success (success)

726

727

event 4 has 1 records

728

record 1 of type 1006(LOGIN) has 5 fields

729

line=7 file=None

730

event time: 1170021601.343:296

731

type=LOGIN (LOGIN)

732

pid=13015 (13015)

733

uid=0 (root)

734

auid=4294967295 (unset)

735

auid=0 (root)

736

737

event 5 has 1 records

738

record 1 of type 1105(USER_START) has 11 fields

739

line=8 file=None

740

event time: 1170021601.344:297

741

type=USER_START (USER_START)

742

pid=13015 (13015)

743

uid=0 (root)

744

auid=0 (root)

745

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

746

acct=root (root)

747

exe="/usr/sbin/crond" (/usr/sbin/crond)

748

hostname=? (?)

749

addr=? (?)

750

terminal=cron (cron)

751

res=success (success)

752

753

event 6 has 1 records

754

record 1 of type 1104(CRED_DISP) has 11 fields

755

line=9 file=None

756

event time: 1170021601.364:298

757

type=CRED_DISP (CRED_DISP)

758

pid=13015 (13015)

759

uid=0 (root)

760

auid=0 (root)

761

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

762

acct=root (root)

763

exe="/usr/sbin/crond" (/usr/sbin/crond)

764

hostname=? (?)

765

addr=? (?)

766

terminal=cron (cron)

767

res=success (success)

768

769

event 7 has 1 records

770

record 1 of type 1106(USER_END) has 11 fields

771

line=10 file=None

772

event time: 1170021601.366:299

773

type=USER_END (USER_END)

774

pid=13015 (13015)

775

uid=0 (root)

776

auid=0 (root)

777

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

778

acct=root (root)

779

exe="/usr/sbin/crond" (/usr/sbin/crond)

780

hostname=? (?)

781

addr=? (?)

782

terminal=cron (cron)

783

res=success (success)

784

785

Test 9 Done

786

787

Finished non-admin tests

788

Older »