Problems with command args

Miloslav Trmac mitr at redhat.com
Thu Sep 16 17:12:23 UTC 2010


----- "Jure Simsic" <jure.simsic at gmail.com> wrote: 
> Hi 
> 
> I need to audit some specific commands which have the following form 
> 
> cmd -arg1 -arg2 -query 'some query("args")' 
> 
> In audit log I get a record like: 
> type=EXECVE msg=audit(1282117611.037:27469599): argv [0] ="cmd" argv [1] ="-arg1" argv [2] ="-arg2" argv [3] ="-query" argv [4] =737472626567696E73287468726561645F69642C227468726561645F69643D32333639383932662229 
> 
> Now, I'd really need to get the last query argument in an understandable form. Is this possible or is this the way it is and I can't do it? 
(ausearch -i), at least in recent versions.
Mirek 
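The record quoted above shows why the last argument looks unreadable: the audit subsystem writes an argv entry as a double-quoted literal when it is plain printable text, but switches to a bare hex encoding of the raw bytes when the value contains whitespace, quotes or non-printable characters, which is exactly what a query string with spaces and double quotes triggers. The following decoder is an added example (not code from the thread or from the audit project); it takes the EXECVE line from the post as a constructed sample, accepts both the `argv [N] =` spelling seen in the post and the `aN=` spelling current kernels emit, decodes hex values as UTF-8, and rebuilds a shell-quoted command line the way a log-review script would. Interpretation in the real tools is done by `ausearch -i`, as the reply notes.

```python
import re
import shlex
from typing import Dict, List

# Constructed sample: the EXECVE record quoted in the post above. argv[4] is hex-encoded
# because the original argument contains spaces and double quotes.
SAMPLE_RECORD = (
    'type=EXECVE msg=audit(1282117611.037:27469599): argv [0] ="cmd" argv [1] ="-arg1" '
    'argv [2] ="-arg2" argv [3] ="-query" '
    'argv [4] =737472626567696E73287468726561645F69642C227468726561645F69643D32333639383932662229'
)

# Matches "argv [N] =VALUE" (the post's spelling) and "aN=VALUE" (current kernel spelling).
# A double-quoted value is a literal; a bare value is a run of hex digits encoding raw bytes.
_ARG_RE = re.compile(
    r'(?:argv\s*\[(\d+)\]|\ba(\d+))\s*=\s*(?:"([^"]*)"|([0-9A-Fa-f]+))'
)


def decode_execve_args(record: str) -> List[str]:
    """Return the argv vector of one EXECVE record with hex-encoded entries decoded."""
    args: Dict[int, str] = {}
    for m in _ARG_RE.finditer(record):
        idx = int(m.group(1) if m.group(1) is not None else m.group(2))
        if m.group(3) is not None:
            # Quoted literal: use as-is.
            args[idx] = m.group(3)
        else:
            hexval = m.group(4)
            if len(hexval) % 2:
                raise ValueError(f"odd-length hex value for argv[{idx}]: {hexval}")
            # Assumption: the original bytes are UTF-8; undecodable bytes are replaced
            # rather than dropped so nothing silently disappears from the log review.
            args[idx] = bytes.fromhex(hexval).decode("utf-8", errors="replace")
    return [args[i] for i in sorted(args)]


def reconstruct_command(record: str) -> str:
    """Rebuild a shell-quoted command line from the decoded argv (for human review)."""
    return " ".join(shlex.quote(a) for a in decode_execve_args(record))


if __name__ == "__main__":
    for i, arg in enumerate(decode_execve_args(SAMPLE_RECORD)):
        print(f"argv[{i}] = {arg!r}")
    print(reconstruct_command(SAMPLE_RECORD))
```

When reviewing EXECVE records in bulk, decode before matching: a rule that looks for a literal substring in the query will miss every invocation whose argument was hex-encoded, so detection logic should run on the decoded argv, not on the raw record text.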