[TriLUG] Modification of /etc/hosts

Jeff Schornick jeff at schornick.org
Wed Feb 3 13:14:05 EST 2010


> # type=SYSCALL msg=audit(1265220365.138:40): arch=c000003e syscall=2
> success=yes exit=4 a0=7fffd55386c3 a1=201 a2=0 a3=7fffd5537490 items=1
> ppid=14345 pid=15001 auid=4294967295 uid=1000 gid=1000 euid=1000
> suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts5
> ses=4294967295 comm="cp" exe="/bin/cp" key=(null)
> type=CWD msg=audit(1265220365.138:40):  cwd="/tmp"
> type=PATH msg=audit(1265220365.138:40): item=0 name="/tmp/myfile"
> inode=75723 dev=08:05 mode=0100644 ouid=1000 ogid=0 rdev=00:00

D'oh... that was supposed to be the output from:

# tail -3 /var/log/audit/audit.log

Hopefully everything else is reasonably clear.  =)

  - Jeff



More information about the TriLUG mailing list