OBJ_PID records
Alexander Viro
aviro at redhat.com
Fri Sep 28 03:25:51 UTC 2007
On Thu, Sep 27, 2007 at 02:40:45PM -0400, Eric Paris wrote:
> Interestingly on this machine the opid has ALWAYS been 1956 with
> obj=syslogd_t. I don't however think there is anything special about
> syslog though as that wasn't the obj in the messages sgrubb was getting,
> although i do wonder if it was the same opid every time.....
Because the process in question is started from rc scripts and gets
the same PID on each boot on that box? PID 1956 sounds plausible in
that respect...
Same question: which process it actually is? I.e. what does
ps 1956
give on that box?
More information about the Linux-audit
mailing list