[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Sucess or failure?



On Sat, Jul 21, 2012 at 6:48 PM, Michael Mather
<michael mather teksavvy com> wrote:
> Hi,
>
> I enter the command "sudo cp qwerty /etc/xxx"
> and get the reply:  "cp: cannot stat `qwerty': No such file or directory."
>
> A number of log entries are written. The last two are, in part:
>
> type=SYSCALL success=yes
> type=EXECVE  argc=3 a0="cp" a1="qwerty" a2="/etc/xxx"
>
> My problem is with "success=yes".

What's the actual syscall and what's the actual rule that triggering the entry?

>
> What is happening?
>
> Thanks - Michael Mather
> -----------------------
>
>
>
> --
> Linux-audit mailing list
> Linux-audit redhat com
> https://www.redhat.com/mailman/listinfo/linux-audit



-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]