Thanks for the replies.
The problem is that the PCI requirements say:
10.3 Record at least the following audit trail entries for all system
components for each event:
...
10.3.4 Success or failure indication.
I don't know if PCI would accept the notion that this was success.
Michael
-------
On Sun, 2012-07-22 at 07:52 +0200, yersinia wrote:
From the point of view of the linux kernel, and of the audit, you have
the right to execute the cp, you don't have permission denied. So the
result is success.
Best regards
2012/7/22, Michael Mather <michael.mather(a)teksavvy.com>:
> Hi,
>
> I enter the command "sudo cp qwerty /etc/xxx"
> and get the reply: "cp: cannot stat `qwerty': No such file or directory."
>
> A number of log entries are written. The last two are, in part:
>
> type=SYSCALL success=yes
> type=EXECVE argc=3 a0="cp" a1="qwerty" a2="/etc/xxx"
>
> My problem is with "success=yes".
>
> What is happening?
>
> Thanks - Michael Mather
> -----------------------
>
>
>
> --
> Linux-audit mailing list
> Linux-audit(a)redhat.com
>
> https://www.redhat.com/mailman/listinfo/linux-audit
>
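
Added example, not part of the original thread: a small C program that reports the two outcomes the thread distinguishes, whether the execve call itself succeeded (what yersinia's reply says the audit result reflects) and the exit status the program returned afterwards. The helper name run_cmd, the struct run_result, and both sample command lines are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* exec_errno: 0 if execve succeeded, otherwise the errno it failed with.
   exit_status: the program's own exit code, or -1 if it never ran. */
struct run_result { int exec_errno; int exit_status; };

struct run_result run_cmd(char *const argv[]) {
    struct run_result r = { 0, -1 };
    int p[2], st = 0, e = 0;
    if (pipe(p) != 0) { r.exec_errno = errno; return r; }
    /* Close-on-exec: the write end vanishes only when exec succeeds, so
       the parent reads EOF on success and an errno value on failure. */
    fcntl(p[1], F_SETFD, FD_CLOEXEC);
    pid_t pid = fork();
    if (pid < 0) { r.exec_errno = errno; close(p[0]); close(p[1]); return r; }
    if (pid == 0) {
        close(p[0]);
        execvp(argv[0], argv);
        e = errno;                      /* reached only if exec failed */
        if (write(p[1], &e, sizeof e) < 0) _exit(126);
        _exit(127);
    }
    close(p[1]);
    if (read(p[0], &e, sizeof e) == (ssize_t)sizeof e) r.exec_errno = e;
    close(p[0]);
    waitpid(pid, &st, 0);
    if (r.exec_errno == 0 && WIFEXITED(st)) r.exit_status = WEXITSTATUS(st);
    return r;
}

int main(void) {
    /* Constructed inputs: a real binary given a missing source file,
       and a binary path that does not exist at all. */
    char *missing_src[] = { "cp", "qwerty-constructed-missing", "/tmp/xxx-constructed", NULL };
    char *missing_bin[] = { "/nonexistent/constructed-binary", NULL };
    struct run_result a = run_cmd(missing_src);
    struct run_result b = run_cmd(missing_bin);
    printf("cp with missing source: execve errno=%d, exit status=%d\n", a.exec_errno, a.exit_status);
    printf("missing binary:         execve errno=%d, exit status=%d\n", b.exec_errno, b.exit_status);
    return 0;
}
```

In the first case the exec succeeds and only the exit status is non-zero, which matches the "success=yes" record in the thread; in the second the exec itself fails.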