Re: Sucess or failure?
On Sat, Jul 21, 2012 at 6:48 PM, Michael Mather
<michael.mather(a)teksavvy.com> wrote:
Hi,
I enter the command "sudo cp qwerty /etc/xxx"
and get the reply: "cp: cannot stat `qwerty': No such file or directory."
A number of log entries are written. The last two are, in part:
type=SYSCALL success=yes
type=EXECVE argc=3 a0="cp" a1="qwerty" a2="/etc/xxx"
My problem is with "success=yes".
What's the actual syscall and what's the actual rule that triggering the entry?
What is happening?
Thanks - Michael Mather
-----------------------
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038