Re: Exclude /usr/libexec/mysqld from audit.rules
On Monday, December 09, 2013 10:20:41 AM Derek Warner wrote:
How did you "interpret" the log setting to retreive the
syscall
"sched_setparam"?
I copied the text and ran it through ausearch with the '-i' commandline
option.
Anyhow I am not sure why we want this, I have no idea what the
sched_setparam actually does.
It changes the priority of the process. Which is not exactly security
critical. For concerns in this area, one would generally set rlimits to
prevent a resource hog. Additionally, if you really, really wanted to see
this, you'd only want the ones that succeed or fail due to EPERM.
Did you do a lookup on the mysql syscall number?
No, I used the audit tools to check it.
-Steve