
Re: audit a process that disappears



Thanks Steve, 

I'm going to try it,


Greetings, 

ESG

2010/11/9 Steve Grubb <sgrubb redhat com>
On Tuesday, November 09, 2010 08:25:07 am ESGLinux wrote:
> it's like anybody outside the process gives a kill to it.

There are 2 other possibilities and that is that it terminates abnormally or that it
"ends".


> My question is with audit rules I can get any information about what is
> happening with this process.
>
> something like this:
>
> -a entry,always -F pid=32179 -S all -k TOMCAT_JAVA
>
> (pid=32179 is the pid of the process)

You should be able to get something. You would probably just need the "kill", "exit",
and "exit_group" syscalls.

-Steve
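
An added example, not part of the original messages: a small parser that reads auditd SYSCALL records for the "kill", "exit" and "exit_group" syscalls and reports whether a given PID was signalled by another process or ended on its own. In a SYSCALL record the `pid` field is the caller, so for kill the target is taken from `a0`. The log lines are constructed samples, and the x86_64 syscall numbers and the rule in the comment are assumptions.

```python
import re

# Constructed sample records (not from the thread) in auditd SYSCALL format.
# Assumed rule that would produce them (filtering is done in this script):
#   -a always,exit -F arch=b64 -S kill -S exit -S exit_group -k TOMCAT_JAVA
# In these records a0..a3 are hexadecimal and pid is the calling process.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1289309000.100:90): arch=c000003e syscall=62 success=yes exit=0 a0=4d2 a1=f a2=0 a3=0 items=0 ppid=1 pid=2200 auid=500 uid=500 comm="kill" exe="/bin/kill" key="TOMCAT_JAVA"
type=SYSCALL msg=audit(1289309107.250:101): arch=c000003e syscall=62 success=yes exit=0 a0=7db3 a1=9 a2=0 a3=0 items=0 ppid=4300 pid=4321 auid=500 uid=0 comm="kill" exe="/bin/kill" key="TOMCAT_JAVA"
type=SYSCALL msg=audit(1289309200.010:115): arch=c000003e syscall=231 a0=1 a1=0 a2=0 a3=0 items=0 ppid=1 pid=32001 auid=500 uid=91 comm="java" exe="/usr/bin/java" key="TOMCAT_JAVA"
"""

# Syscall numbers for x86_64 only (arch=c000003e).
X86_64 = {62: "kill", 60: "exit", 231: "exit_group"}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def explain_termination(log_text, target_pid):
    """Return signals sent to target_pid and exits made by target_pid."""
    findings = []
    for line in log_text.splitlines():
        if not line.startswith("type=SYSCALL"):
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("arch") != "c000003e":
            continue  # the number table above is not valid for other arches
        name = X86_64.get(int(f["syscall"]))
        caller = int(f["pid"])
        a0 = int(f["a0"], 16)
        if name == "kill" and a0 == target_pid and f.get("success") == "yes":
            # Someone (possibly the process itself) signalled the target.
            findings.append({"event": "signal", "signal": int(f["a1"], 16),
                             "by_pid": caller, "by_exe": f["exe"],
                             "by_uid": int(f["uid"])})
        elif name in ("exit", "exit_group") and caller == target_pid:
            # The process ended itself; a0 carries the exit status.
            findings.append({"event": name, "status": a0 & 0xFF})
    return findings


if __name__ == "__main__":
    for pid in (32179, 32001):
        print(pid, explain_termination(SAMPLE_LOG, pid))
```

Signals sent to a process group or to every process (a negative or -1 pid argument) are not matched by this sketch.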

