
aureport and command lines



I have written my own version of aureport. It is still buggy, etc., but it
does already provide something interesting.

For example, it can show command lines. It takes something in the log
like:
   uid=1000 euid=0
   argc=4 a0="sudo" a1="cp" a2="qwerty" a3="/etc/xxx"

   uid=0 euid=0
   argc=4 a0="cp" a1="qwerty" a2="/etc/xxx"

and puts out:
    uid   euid   command
    ---   ----   -------
   1000      0   sudo cp qwerty /etc/xxx
      0      0   cp qwerty /etc/xxx

which is interesting.

My question is whether I could have done something like this with
aureport.

(This is part of a much bigger question as to how audit can be used to
meet PCI requirements.)

Thanks - Michael
----------------


