~ubuntu-branches/ubuntu/maverick/audit/maverick

Committer: Bazaar Package Importer
Author(s): Mathias Gug
Date: 2007-06-29 13:05:14 UTC
mfrom: (1.1.1 upstream)
Revision ID: james.westby@ubuntu.com-20070629130514-z798cz4lebiahj5w

Tags: 1.5.4-0ubuntu1

* New upstream version.
* debian/patches/audit-1.5.1-dist.patch:
  * update so that it applies for 1.5.4.
* debian/control:
  * update Maintainer and XSBC-Original-Maintainer fields.
* debian/rules:
  * enable apparmor support: add --with-apparmor to configure options.

files added:
auparse/data_buf.c

auparse/data_buf.h

auparse/test/Makefile.am

auparse/test/Makefile.in

auparse/test/auparse_test.ref

auparse/test/tmp

auparse/test/tmp1

auparse/test/tmp2

docs/auparse_add_callback.3

docs/auparse_feed.3

docs/auparse_flush_feed.3

docs/auparse_get_filename.3

docs/auparse_get_line_number.3

init.d/audispd.conf

new_audispd

new_audispd/Makefile.am

new_audispd/audispd-builtins.c

new_audispd/audispd-builtins.h

new_audispd/audispd-config.c

new_audispd/audispd-config.h

new_audispd/audispd-llist.c

new_audispd/audispd-llist.h

new_audispd/audispd-pconfig.c

new_audispd/audispd-pconfig.h

new_audispd/audispd.c

new_audispd/configs

new_audispd/configs/Makefile.am

new_audispd/configs/af_unix.conf

new_audispd/configs/syslog.conf

new_audispd/queue.c

new_audispd/queue.h

files removed:
auparse/test/Makefile

files modified:
ChangeLog

THANKS

TODO

audit.spec

auparse/Makefile.am

auparse/auparse-defs.h

auparse/auparse.c

auparse/auparse.h

auparse/ellist.c

auparse/ellist.h

auparse/internal.h

auparse/rnode.h

auparse/test/auparse_test.c

auparse/test/auparse_test.py

auparse/typetab.h

bindings/python/auparse_python.c

config.guess

configure.ac

contrib/skeleton.c

debian/changelog

debian/control

debian/patches/audit-1.5.1-dist.patch

debian/rules

docs/Makefile.am

docs/auditctl.8

docs/auparse_init.3

docs/ausearch.8

init.d/Makefile.am

lib/audit_logging.c

lib/deprecated.c

lib/fieldtab.h

lib/libaudit.c

lib/libaudit.h

lib/msg_typetab.h

src/auditctl.c

src/auditd-config.c

src/aureport-options.c

src/aureport-output.c

src/ausearch-parse.c

swig/auditswig.i

Show diffs side-by-side

added added

removed removed

auparse/test/tmp1

Starting Test 1, iterate...

auid=4294967295

interp auid=unset

auid=48

interp auid=apache

auid=48

interp auid=apache

Test 1 Done

Starting Test 2, walk events, records, and fields...

event: 1

records:1

fields:5

type=1006(LOGIN) line=1 file=None event time: 1143146623.787:142

type=LOGIN (LOGIN)

pid=2027 (2027)

uid=0 (root)

auid=4294967295 (unset)

auid=48 (apache)

event: 2

records:1

fields:24

type=1300(SYSCALL) line=2 file=None event time: 1143146623.875:143

type=SYSCALL (SYSCALL)

arch=c000003e (x86_64)

syscall=188 (setxattr)

success=yes (yes)

exit=0 (0)

a0=7fffffa9a9f0 (7fffffa9a9f0)

a1=3958d11333 (3958d11333)

a2=5131f0 (5131f0)

a3=20 (20)

items=1 (1)

pid=2027 (2027)

auid=48 (apache)

uid=0 (root)

gid=0 (root)

euid=0 (root)

suid=0 (root)

fsuid=0 (root)

egid=0 (root)

sgid=0 (root)

fsgid=0 (root)

tty=tty3 (tty3)

comm="login" (login)

exe="/bin/login" (/bin/login)

subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255)

event: 3

records:1

fields:10

type=1112(USER_LOGIN) line=3 file=None event time: 1143146623.879:146

type=USER_LOGIN (USER_LOGIN)

pid=2027 (2027)

uid=0 (root)

auid=48 (apache)

uid=48 (apache)

exe="/bin/login" (/bin/login)

hostname=? (?)

addr=? (?)

terminal=tty3 (tty3)

res=success (success)

Test 2 Done

Starting Test 3, walk events, records of 1 buffer...

records:1

fields:10

type=1112(USER_LOGIN) line=1 file=None event time: 1143146623.879:146

Test 3 Done

Starting Test 4, walk events, records of 1 file...

event: 1

records:4

fields:11

type=1400(AVC) line=1 file=./test.log event time: 1170021493.977:293

type=AVC (AVC)

seresult=denied (denied)

seperms=read,write (read,write)

pid=13010 (13010)

comm="pickup" (pickup)

name="maildrop" (maildrop)

dev=hda7 (hda7)

ino=14911367 (14911367)

scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

tclass=dir (dir)

fields:26

type=1300(SYSCALL) line=2 file=./test.log event time: 1170021493.977:293

type=SYSCALL (SYSCALL)

arch=c000003e (x86_64)

syscall=2 (open)

success=no (no)

exit=-13 (-13(Permission denied))

a0=5555665d91b0 (5555665d91b0)

a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)

100

a2=5555665d91b8 (5555665d91b8)

101

a3=0 (0)

102

items=1 (1)

103

ppid=2013 (2013)

104

pid=13010 (13010)

105

auid=4294967295 (unset)

106

uid=89 (unknown(89))

107

gid=89 (unknown(89))

108

euid=89 (unknown(89))

109

suid=89 (unknown(89))

110

fsuid=89 (unknown(89))

111

egid=89 (unknown(89))

112

sgid=89 (unknown(89))

113

fsgid=89 (unknown(89))

114

tty=(none) ((none))

115

comm="pickup" (pickup)

116

exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)

117

subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

118

key=(null) ((null))

119

120

fields:2

121

type=1307(CWD) line=3 file=./test.log event time: 1170021493.977:293

122

type=CWD (CWD)

123

cwd="/var/spool/postfix" (/var/spool/postfix)

124

125

fields:10

126

type=1302(PATH) line=4 file=./test.log event time: 1170021493.977:293

127

type=PATH (PATH)

128

item=0 (0)

129

name="maildrop" (maildrop)

130

inode=14911367 (14911367)

131

dev=03:07 (03:07)

132

mode=040730 (dir, 730)

133

ouid=89 (unknown(89))

134

ogid=90 (unknown(90))

135

rdev=00:00 (00:00)

136

obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

137

138

event: 2

139

records:1

140

fields:11

141

type=1101(USER_ACCT) line=5 file=./test.log event time: 1170021601.340:294

142

type=USER_ACCT (USER_ACCT)

143

pid=13015 (13015)

144

uid=0 (root)

145

auid=4294967295 (unset)

146

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

147

acct=root (root)

148

exe="/usr/sbin/crond" (/usr/sbin/crond)

149

hostname=? (?)

150

addr=? (?)

151

terminal=cron (cron)

152

res=success (success)

153

154

event: 3

155

records:1

156

fields:11

157

type=1103(CRED_ACQ) line=6 file=./test.log event time: 1170021601.342:295

158

type=CRED_ACQ (CRED_ACQ)

159

pid=13015 (13015)

160

uid=0 (root)

161

auid=4294967295 (unset)

162

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

163

acct=root (root)

164

exe="/usr/sbin/crond" (/usr/sbin/crond)

165

hostname=? (?)

166

addr=? (?)

167

terminal=cron (cron)

168

res=success (success)

169

170

event: 4

171

records:1

172

fields:5

173

type=1006(LOGIN) line=7 file=./test.log event time: 1170021601.343:296

174

type=LOGIN (LOGIN)

175

pid=13015 (13015)

176

uid=0 (root)

177

auid=4294967295 (unset)

178

auid=0 (root)

179

180

event: 5

181

records:1

182

fields:11

183

type=1105(USER_START) line=8 file=./test.log event time: 1170021601.344:297

184

type=USER_START (USER_START)

185

pid=13015 (13015)

186

uid=0 (root)

187

auid=0 (root)

188

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

189

acct=root (root)

190

exe="/usr/sbin/crond" (/usr/sbin/crond)

191

hostname=? (?)

192

addr=? (?)

193

terminal=cron (cron)

194

res=success (success)

195

196

event: 6

197

records:1

198

fields:11

199

type=1104(CRED_DISP) line=9 file=./test.log event time: 1170021601.364:298

200

type=CRED_DISP (CRED_DISP)

201

pid=13015 (13015)

202

uid=0 (root)

203

auid=0 (root)

204

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

205

acct=root (root)

206

exe="/usr/sbin/crond" (/usr/sbin/crond)

207

hostname=? (?)

208

addr=? (?)

209

terminal=cron (cron)

210

res=success (success)

211

212

event: 7

213

records:1

214

fields:11

215

type=1106(USER_END) line=10 file=./test.log event time: 1170021601.366:299

216

type=USER_END (USER_END)

217

pid=13015 (13015)

218

uid=0 (root)

219

auid=0 (root)

220

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

221

acct=root (root)

222

exe="/usr/sbin/crond" (/usr/sbin/crond)

223

hostname=? (?)

224

addr=? (?)

225

terminal=cron (cron)

226

res=success (success)

227

228

Test 4 Done

229

230

Starting Test 5, walk events, records of 2 files...

231

event: 1

232

records:4

233

fields:11

234

type=1400(AVC) line=1 file=test.log event time: 1170021493.977:293

235

type=AVC (AVC)

236

seresult=denied (denied)

237

seperms=read,write (read,write)

238

pid=13010 (13010)

239

comm="pickup" (pickup)

240

name="maildrop" (maildrop)

241

dev=hda7 (hda7)

242

ino=14911367 (14911367)

243

scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

244

tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

245

tclass=dir (dir)

246

247

fields:26

248

type=1300(SYSCALL) line=2 file=test.log event time: 1170021493.977:293

249

type=SYSCALL (SYSCALL)

250

arch=c000003e (x86_64)

251

syscall=2 (open)

252

success=no (no)

253

exit=-13 (-13(Permission denied))

254

a0=5555665d91b0 (5555665d91b0)

255

a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)

256

a2=5555665d91b8 (5555665d91b8)

257

a3=0 (0)

258

items=1 (1)

259

ppid=2013 (2013)

260

pid=13010 (13010)

261

auid=4294967295 (unset)

262

uid=89 (unknown(89))

263

gid=89 (unknown(89))

264

euid=89 (unknown(89))

265

suid=89 (unknown(89))

266

fsuid=89 (unknown(89))

267

egid=89 (unknown(89))

268

sgid=89 (unknown(89))

269

fsgid=89 (unknown(89))

270

tty=(none) ((none))

271

comm="pickup" (pickup)

272

exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)

273

subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

274

key=(null) ((null))

275

276

fields:2

277

type=1307(CWD) line=3 file=test.log event time: 1170021493.977:293

278

type=CWD (CWD)

279

cwd="/var/spool/postfix" (/var/spool/postfix)

280

281

fields:10

282

type=1302(PATH) line=4 file=test.log event time: 1170021493.977:293

283

type=PATH (PATH)

284

item=0 (0)

285

name="maildrop" (maildrop)

286

inode=14911367 (14911367)

287

dev=03:07 (03:07)

288

mode=040730 (dir, 730)

289

ouid=89 (unknown(89))

290

ogid=90 (unknown(90))

291

rdev=00:00 (00:00)

292

obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

293

294

event: 2

295

records:1

296

fields:11

297

type=1101(USER_ACCT) line=5 file=test.log event time: 1170021601.340:294

298

type=USER_ACCT (USER_ACCT)

299

pid=13015 (13015)

300

uid=0 (root)

301

auid=4294967295 (unset)

302

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

303

acct=root (root)

304

exe="/usr/sbin/crond" (/usr/sbin/crond)

305

hostname=? (?)

306

addr=? (?)

307

terminal=cron (cron)

308

res=success (success)

309

310

event: 3

311

records:1

312

fields:11

313

type=1103(CRED_ACQ) line=6 file=test.log event time: 1170021601.342:295

314

type=CRED_ACQ (CRED_ACQ)

315

pid=13015 (13015)

316

uid=0 (root)

317

auid=4294967295 (unset)

318

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

319

acct=root (root)

320

exe="/usr/sbin/crond" (/usr/sbin/crond)

321

hostname=? (?)

322

addr=? (?)

323

terminal=cron (cron)

324

res=success (success)

325

326

event: 4

327

records:1

328

fields:5

329

type=1006(LOGIN) line=7 file=test.log event time: 1170021601.343:296

330

type=LOGIN (LOGIN)

331

pid=13015 (13015)

332

uid=0 (root)

333

auid=4294967295 (unset)

334

auid=0 (root)

335

336

event: 5

337

records:1

338

fields:11

339

type=1105(USER_START) line=8 file=test.log event time: 1170021601.344:297

340

type=USER_START (USER_START)

341

pid=13015 (13015)

342

uid=0 (root)

343

auid=0 (root)

344

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

345

acct=root (root)

346

exe="/usr/sbin/crond" (/usr/sbin/crond)

347

hostname=? (?)

348

addr=? (?)

349

terminal=cron (cron)

350

res=success (success)

351

352

event: 6

353

records:1

354

fields:11

355

type=1104(CRED_DISP) line=9 file=test.log event time: 1170021601.364:298

356

type=CRED_DISP (CRED_DISP)

357

pid=13015 (13015)

358

uid=0 (root)

359

auid=0 (root)

360

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

361

acct=root (root)

362

exe="/usr/sbin/crond" (/usr/sbin/crond)

363

hostname=? (?)

364

addr=? (?)

365

terminal=cron (cron)

366

res=success (success)

367

368

event: 7

369

records:1

370

fields:11

371

type=1106(USER_END) line=10 file=test.log event time: 1170021601.366:299

372

type=USER_END (USER_END)

373

pid=13015 (13015)

374

uid=0 (root)

375

auid=0 (root)

376

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

377

acct=root (root)

378

exe="/usr/sbin/crond" (/usr/sbin/crond)

379

hostname=? (?)

380

addr=? (?)

381

terminal=cron (cron)

382

res=success (success)

383

384

event: 8

385

records:4

386

fields:11

387

type=1400(AVC) line=1 file=test2.log event time: 1170021493.977:293

388

type=AVC (AVC)

389

seresult=denied (denied)

390

seperms=read (read)

391

pid=13010 (13010)

392

comm="pickup" (pickup)

393

name="maildrop" (maildrop)

394

dev=hda7 (hda7)

395

ino=14911367 (14911367)

396

scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

397

tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

398

tclass=dir (dir)

399

400

fields:26

401

type=1300(SYSCALL) line=2 file=test2.log event time: 1170021493.977:293

402

type=SYSCALL (SYSCALL)

403

arch=c000003e (x86_64)

404

syscall=2 (open)

405

success=no (no)

406

exit=-13 (-13(Permission denied))

407

a0=5555665d91b0 (5555665d91b0)

408

a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)

409

a2=5555665d91b8 (5555665d91b8)

410

a3=0 (0)

411

items=1 (1)

412

ppid=2013 (2013)

413

pid=13010 (13010)

414

auid=4294967295 (unset)

415

uid=89 (unknown(89))

416

gid=89 (unknown(89))

417

euid=89 (unknown(89))

418

suid=89 (unknown(89))

419

fsuid=89 (unknown(89))

420

egid=89 (unknown(89))

421

sgid=89 (unknown(89))

422

fsgid=89 (unknown(89))

423

tty=(none) ((none))

424

comm="pickup" (pickup)

425

exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)

426

subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

427

key=(null) ((null))

428

429

fields:2

430

type=1307(CWD) line=3 file=test2.log event time: 1170021493.977:293

431

type=CWD (CWD)

432

cwd="/var/spool/postfix" (/var/spool/postfix)

433

434

fields:10

435

type=1302(PATH) line=4 file=test2.log event time: 1170021493.977:293

436

type=PATH (PATH)

437

item=0 (0)

438

name="maildrop" (maildrop)

439

inode=14911367 (14911367)

440

dev=03:07 (03:07)

441

mode=040730 (dir, 730)

442

ouid=89 (unknown(89))

443

ogid=90 (unknown(90))

444

rdev=00:00 (00:00)

445

obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

446

447

event: 9

448

records:1

449

fields:11

450

type=1101(USER_ACCT) line=5 file=test2.log event time: 1170021601.340:294

451

type=USER_ACCT (USER_ACCT)

452

pid=13015 (13015)

453

uid=0 (root)

454

auid=4294967295 (unset)

455

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

456

acct=root (root)

457

exe="/usr/sbin/crond" (/usr/sbin/crond)

458

hostname=? (?)

459

addr=? (?)

460

terminal=cron (cron)

461

res=success (success)

462

463

event: 10

464

records:1

465

fields:11

466

type=1103(CRED_ACQ) line=6 file=test2.log event time: 1170021601.342:295

467

type=CRED_ACQ (CRED_ACQ)

468

pid=13015 (13015)

469

uid=0 (root)

470

auid=4294967295 (unset)

471

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

472

acct=root (root)

473

exe="/usr/sbin/crond" (/usr/sbin/crond)

474

hostname=? (?)

475

addr=? (?)

476

terminal=cron (cron)

477

res=success (success)

478

479

event: 11

480

records:1

481

fields:5

482

type=1006(LOGIN) line=7 file=test2.log event time: 1170021601.343:296

483

type=LOGIN (LOGIN)

484

pid=13015 (13015)

485

uid=0 (root)

486

auid=4294967295 (unset)

487

auid=0 (root)

488

489

event: 12

490

records:1

491

fields:11

492

type=1105(USER_START) line=8 file=test2.log event time: 1170021601.344:297

493

type=USER_START (USER_START)

494

pid=13015 (13015)

495

uid=0 (root)

496

auid=0 (root)

497

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

498

acct=root (root)

499

exe="/usr/sbin/crond" (/usr/sbin/crond)

500

hostname=? (?)

501

addr=? (?)

502

terminal=cron (cron)

503

res=success (success)

504

505

event: 13

506

records:1

507

fields:11

508

type=1104(CRED_DISP) line=9 file=test2.log event time: 1170021601.364:298

509

type=CRED_DISP (CRED_DISP)

510

pid=13015 (13015)

511

uid=0 (root)

512

auid=0 (root)

513

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

514

acct=root (root)

515

exe="/usr/sbin/crond" (/usr/sbin/crond)

516

hostname=? (?)

517

addr=? (?)

518

terminal=cron (cron)

519

res=success (success)

520

521

event: 14

522

records:1

523

fields:11

524

type=1106(USER_END) line=10 file=test2.log event time: 1170021601.366:299

525

type=USER_END (USER_END)

526

pid=13015 (13015)

527

uid=0 (root)

528

auid=0 (root)

529

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

530

acct=root (root)

531

exe="/usr/sbin/crond" (/usr/sbin/crond)

532

hostname=? (?)

533

addr=? (?)

534

terminal=cron (cron)

535

res=success (success)

536

537

Test 5 Done

538

539

Starting Test 6, search...

540

auid = 500 not found...which is correct

541

auid exists...which is correct

542

Testing BUFFER_ARRAY, stop on field

543

Found auid = 48

544

Testing BUFFER_ARRAY, stop on record

545

Found type = SYSCALL

546

Testing BUFFER_ARRAY, stop on event

547

Found type = SYSCALL

548

Testing test.log, stop on field

549

Found auid = 4294967295

550

Testing test.log, stop on record

551

Found type = SYSCALL

552

Testing test.log, stop on event

553

Found type = AVC

554

Test 6 Done

555

556

Starting Test 7, compound search...

557

Found type = USER_START

558

Found auid = 0

559

Test 7 Done

560

561

Starting Test 8, buffer feed...

562

event: 1

563

records:1

564

fields:5

565

type=1006(LOGIN) line=1 file=None event time: 1143146623.787:142

566

type=LOGIN (LOGIN)

567

pid=2027 (2027)

568

uid=0 (root)

569

auid=4294967295 (unset)

570

auid=48 (apache)

571

572

event: 2

573

records:1

574

fields:24

575

type=1300(SYSCALL) line=2 file=None event time: 1143146623.875:143

576

type=SYSCALL (SYSCALL)

577

arch=c000003e (x86_64)

578

syscall=188 (setxattr)

579

success=yes (yes)

580

exit=0 (0)

581

a0=7fffffa9a9f0 (7fffffa9a9f0)

582

a1=3958d11333 (3958d11333)

583

a2=5131f0 (5131f0)

584

a3=20 (20)

585

items=1 (1)

586

pid=2027 (2027)

587

auid=48 (apache)

588

uid=0 (root)

589

gid=0 (root)

590

euid=0 (root)

591

suid=0 (root)

592

fsuid=0 (root)

593

egid=0 (root)

594

sgid=0 (root)

595

fsgid=0 (root)

596

tty=tty3 (tty3)

597

comm="login" (login)

598

exe="/bin/login" (/bin/login)

599

subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255)

600

601

event: 3

602

records:1

603

fields:10

604

type=1112(USER_LOGIN) line=3 file=None event time: 1143146623.879:146

605

type=USER_LOGIN (USER_LOGIN)

606

pid=2027 (2027)

607

uid=0 (root)

608

auid=48 (apache)

609

uid=48 (apache)

610

exe="/bin/login" (/bin/login)

611

hostname=? (?)

612

addr=? (?)

613

terminal=tty3 (tty3)

614

res=success (success)

615

616

Test 8 Done

617

618

Starting Test 9, file feed...

619

event: 1

620

records:4

621

fields:11

622

type=1400(AVC) line=1 file=None event time: 1170021493.977:293

623

type=AVC (AVC)

624

seresult=denied (denied)

625

seperms=read,write (read,write)

626

pid=13010 (13010)

627

comm="pickup" (pickup)

628

name="maildrop" (maildrop)

629

dev=hda7 (hda7)

630

ino=14911367 (14911367)

631

scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

632

tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

633

tclass=dir (dir)

634

635

fields:26

636

type=1300(SYSCALL) line=2 file=None event time: 1170021493.977:293

637

type=SYSCALL (SYSCALL)

638

arch=c000003e (x86_64)

639

syscall=2 (open)

640

success=no (no)

641

exit=-13 (-13(Permission denied))

642

a0=5555665d91b0 (5555665d91b0)

643

a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)

644

a2=5555665d91b8 (5555665d91b8)

645

a3=0 (0)

646

items=1 (1)

647

ppid=2013 (2013)

648

pid=13010 (13010)

649

auid=4294967295 (unset)

650

uid=89 (unknown(89))

651

gid=89 (unknown(89))

652

euid=89 (unknown(89))

653

suid=89 (unknown(89))

654

fsuid=89 (unknown(89))

655

egid=89 (unknown(89))

656

sgid=89 (unknown(89))

657

fsgid=89 (unknown(89))

658

tty=(none) ((none))

659

comm="pickup" (pickup)

660

exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)

661

subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)

662

key=(null) ((null))

663

664

fields:2

665

type=1307(CWD) line=3 file=None event time: 1170021493.977:293

666

type=CWD (CWD)

667

cwd="/var/spool/postfix" (/var/spool/postfix)

668

669

fields:10

670

type=1302(PATH) line=4 file=None event time: 1170021493.977:293

671

type=PATH (PATH)

672

item=0 (0)

673

name="maildrop" (maildrop)

674

inode=14911367 (14911367)

675

dev=03:07 (03:07)

676

mode=040730 (dir, 730)

677

ouid=89 (unknown(89))

678

ogid=90 (unknown(90))

679

rdev=00:00 (00:00)

680

obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

681

682

event: 2

683

records:1

684

fields:11

685

type=1101(USER_ACCT) line=5 file=None event time: 1170021601.340:294

686

type=USER_ACCT (USER_ACCT)

687

pid=13015 (13015)

688

uid=0 (root)

689

auid=4294967295 (unset)

690

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

691

acct=root (root)

692

exe="/usr/sbin/crond" (/usr/sbin/crond)

693

hostname=? (?)

694

addr=? (?)

695

terminal=cron (cron)

696

res=success (success)

697

698

event: 3

699

records:1

700

fields:11

701

type=1103(CRED_ACQ) line=6 file=None event time: 1170021601.342:295

702

type=CRED_ACQ (CRED_ACQ)

703

pid=13015 (13015)

704

uid=0 (root)

705

auid=4294967295 (unset)

706

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

707

acct=root (root)

708

exe="/usr/sbin/crond" (/usr/sbin/crond)

709

hostname=? (?)

710

addr=? (?)

711

terminal=cron (cron)

712

res=success (success)

713

714

event: 4

715

records:1

716

fields:5

717

type=1006(LOGIN) line=7 file=None event time: 1170021601.343:296

718

type=LOGIN (LOGIN)

719

pid=13015 (13015)

720

uid=0 (root)

721

auid=4294967295 (unset)

722

auid=0 (root)

723

724

event: 5

725

records:1

726

fields:11

727

type=1105(USER_START) line=8 file=None event time: 1170021601.344:297

728

type=USER_START (USER_START)

729

pid=13015 (13015)

730

uid=0 (root)

731

auid=0 (root)

732

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

733

acct=root (root)

734

exe="/usr/sbin/crond" (/usr/sbin/crond)

735

hostname=? (?)

736

addr=? (?)

737

terminal=cron (cron)

738

res=success (success)

739

740

event: 6

741

records:1

742

fields:11

743

type=1104(CRED_DISP) line=9 file=None event time: 1170021601.364:298

744

type=CRED_DISP (CRED_DISP)

745

pid=13015 (13015)

746

uid=0 (root)

747

auid=0 (root)

748

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

749

acct=root (root)

750

exe="/usr/sbin/crond" (/usr/sbin/crond)

751

hostname=? (?)

752

addr=? (?)

753

terminal=cron (cron)

754

res=success (success)

755

756

event: 7

757

records:1

758

fields:11

759

type=1106(USER_END) line=10 file=None event time: 1170021601.366:299

760

type=USER_END (USER_END)

761

pid=13015 (13015)

762

uid=0 (root)

763

auid=0 (root)

764

subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)

765

acct=root (root)

766

exe="/usr/sbin/crond" (/usr/sbin/crond)

767

hostname=? (?)

768

addr=? (?)

769

terminal=cron (cron)

770

res=success (success)

771

772

Test 9 Done

773

774

Finished non-admin tests

775

Older »