
possible "comm"

While looking through some audit events in the audit-viewer, I saw what I
thought might be a display error (see "comm=" below); however, when I
look at the event using ausearch, I see the same thing:

# ausearch -ts recent -i -a 50457
type=SOCKADDR msg=audit(07/31/2008 15:37:43.602:50457) : saddr=inet
host: serv:16001 
type=SYSCALL msg=audit(07/31/2008 15:37:43.602:50457) : arch=x86_64
syscall=connect success=no exit=-111(Connection refused) a0=10
a1=2f96d30 a2=10 a3=7fff13ee75dc items=0 ppid=22794 pid=23014 auid=root
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root tty=pts3 ses=818 comm=/usr/share/audi exe=/usr/bin/python
subj=root:auditadm_r:auditadm_t:s15:c0.c1023 key=(null) 
type=AVC msg=audit(07/31/2008 15:37:43.602:50457) : avc:  denied
{ recvfrom } for  pid=23014 comm=/usr/share/audi saddr=
src=16001 daddr= dest=58356 netif=lo
tcontext=root:auditadm_r:auditadm_t:s15:c0.c1023 tclass=association 



LC (Lenny) Bruzenak
lenny magitekltd com
