Decoding arguments passed to system calls
Wieprecht, Karen M.
Karen.Wieprecht at jhuapl.edu
Tue Jul 3 13:04:44 UTC 2007
Not sure how Linux handles this, but on Irix, when I accidentally tried
to audit one of the "write" audit record types, it would crash the
machine. If I still understand this correctly (it's been a few years),
the record I had selected for audit generated/collected an audit record
every time ANYTHING got written to, including terminal devices, not just
when you issued a "save" on a file, so every character that I typed
created an audit record. It was very ugly, and definitely not what I
wanted (and definitely not anything anyone was requiring me to collect).
Food For thought,
Karen Wieprecht
More information about the Linux-audit
mailing list