Exclude /usr/libexec/mysqld from audit.rules
Derek Warner
derek.warner at riptidesoftware.com
Mon Dec 9 15:59:39 UTC 2013
Steve,
Thanks again, I am really trying to get my Linux skills sharpened as I have
been unfortunately raised in the Windows world. It does pay the bills
though.
V/R
Derek Warner – CISSP-ISSEP
Information System Security Engineer
Riptide Software
w- 321-296-0068 x 136
c- 407-716-9223
derek.warner at riptidesoftware.com
derek.a.warner at us.army.mil
On Mon, Dec 9, 2013 at 10:34 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Monday, December 09, 2013 10:20:41 AM Derek Warner wrote:
> > How did you "interpret" the log setting to retrieve the syscall
> > "sched_setparam"?
>
> I copied the text and ran it through ausearch with the '-i' commandline
> option.
>
>
> > Anyhow I am not sure why we want this, I have no idea what the
> > sched_setparam actually does.
>
> It changes the priority of the process. Which is not exactly security
> critical. For concerns in this area, one would generally set rlimits to
> prevent a resource hog. Additionally, if you really, really wanted to see
> this, you'd only want the ones that succeed or fail due to EPERM.
>
>
> > Did you do a lookup on the mysql syscall number?
>
> No, I used the audit tools to check it.
>
> -Steve
>
>
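As an added example (not part of the thread, and not code from the audit project), the following Python sketch mimics on a small scale what `ausearch -i` does for a raw SYSCALL record, then keeps only the sched_setparam events Steve describes: those that succeed or that fail with EPERM. The log lines are constructed, the syscall table is a short x86_64 excerpt, and the function names are hypothetical.

```python
import errno
import re

# Constructed raw audit records (not from the thread); arch c000003e is x86_64.
SAMPLE = [
    'type=SYSCALL msg=audit(1386600000.101:501): arch=c000003e syscall=142 '
    'success=yes exit=0 pid=2101 uid=27 comm="mysqld" exe="/usr/libexec/mysqld"',
    'type=SYSCALL msg=audit(1386600001.202:502): arch=c000003e syscall=142 '
    'success=no exit=-1 pid=2101 uid=27 comm="mysqld" exe="/usr/libexec/mysqld"',
    'type=SYSCALL msg=audit(1386600002.303:503): arch=c000003e syscall=142 '
    'success=no exit=-22 pid=2101 uid=27 comm="mysqld" exe="/usr/libexec/mysqld"',
    'type=SYSCALL msg=audit(1386600003.404:504): arch=c000003e syscall=143 '
    'success=yes exit=0 pid=2101 uid=27 comm="mysqld" exe="/usr/libexec/mysqld"',
]

ARCH_X86_64 = "c000003e"
# Excerpt of the x86_64 syscall table; a real tool carries the full table per arch.
X86_64_SYSCALLS = {142: "sched_setparam", 143: "sched_getparam",
                   144: "sched_setscheduler"}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one raw audit record into a dict of its key=value fields."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def interpret(rec):
    """Return (syscall_name, outcome) for an x86_64 SYSCALL record, else None."""
    if rec.get("type") != "SYSCALL" or rec.get("arch") != ARCH_X86_64:
        return None
    number = int(rec["syscall"])
    name = X86_64_SYSCALLS.get(number, str(number))
    if rec.get("success") == "yes":
        return name, "success"
    # Raw records store a failure as a negative errno value, e.g. exit=-1.
    code = -int(rec["exit"])
    return name, errno.errorcode.get(code, str(code))


def worth_keeping(line, syscall="sched_setparam"):
    """True only for the named syscall when it succeeded or failed with EPERM."""
    result = interpret(parse_record(line))
    return (result is not None and result[0] == syscall
            and result[1] in ("success", "EPERM"))


if __name__ == "__main__":
    for line in SAMPLE:
        print(interpret(parse_record(line)), worth_keeping(line))
```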