On 2019-10-16 15:36, Ankitha Kundhuru wrote:
> Hi All,
> I found a new word "per" in some of the records of my audit.log.
> Any idea of why this happened and what it means?
This is a "swinging" field, which means that it only appears when it is
different from an expected value (zero usually expected).
That isn't new. It has been there since the very first audit commit,
commit b7b0074ca3c9fe22d07b97e42a99c8b27be6307f
Author: Andrew Morton <akpm(a)osdl.org>
AuthorDate: 2004-04-11 23:29:12 -0700
Light-weight Auditing Framework
From: Rik Faith <faith(a)redhat.com>
You may never have seen it before because it appears you now have a
personality other than PER_LINUX for this event. 32-bit binary on 64
bit? I assume your arch is x86_64 (LE)?
> type=SYSCALL msg=audit(1571245536.351:43593): arch=c000003e
> syscall=3
> *per=40000* success=yes exit=0 a0=5 a1=5 a2=556213b6d6bc a3=7f483b98bcc0
> items=0 ppid=2653 pid=2655 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000
> fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=3 comm="gdb"
> exe="/usr/bin/gdb" key=(null)
> Thank you :)
> Thanks & Regards,
> Ankitha Kundhuru
- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
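
Decoding the per= field of the record quoted in this thread, as an added example that is not part of the original messages: it reads the value as the hexadecimal personality word and splits it into the base personality (low byte) and the flag bits defined in the kernel's include/uapi/linux/personality.h. The function name `decode_per` and the second sample record are constructed for illustration.

```python
import re

# Values from the kernel's include/uapi/linux/personality.h
PER_MASK = 0x00FF  # low byte selects the base personality
BASES = {0x00: "PER_LINUX", 0x08: "PER_LINUX32"}  # subset; others shown as hex
FLAGS = {
    0x0020000: "UNAME26",
    0x0040000: "ADDR_NO_RANDOMIZE",
    0x0080000: "FDPIC_FUNCPTRS",
    0x0100000: "MMAP_PAGE_ZERO",
    0x0200000: "ADDR_COMPAT_LAYOUT",
    0x0400000: "READ_IMPLIES_EXEC",
    0x0800000: "ADDR_LIMIT_32BIT",
    0x1000000: "SHORT_INODE",
    0x2000000: "WHOLE_SECONDS",
    0x4000000: "STICKY_TIMEOUTS",
    0x8000000: "ADDR_LIMIT_3GB",
}
# The audit field is the personality word in hex, without a 0x prefix.
PER_RE = re.compile(r"(?<![\w-])per=([0-9a-fA-F]+)\b")


def decode_per(record):
    """Return (base_name, [flag_names]); a record without per= is PER_LINUX."""
    m = PER_RE.search(record)
    value = int(m.group(1), 16) if m else 0  # swinging field: absent means 0
    base = value & PER_MASK
    base_name = BASES.get(base, "base_0x%02x" % base)
    flags = [name for bit, name in sorted(FLAGS.items()) if value & bit]
    known = 0
    for bit in FLAGS:
        known |= bit
    unknown = value & ~PER_MASK & ~known
    if unknown:
        flags.append("unknown_0x%x" % unknown)
    return base_name, flags


# The SYSCALL record quoted in this thread, joined onto one line.
THREAD_RECORD = (
    'type=SYSCALL msg=audit(1571245536.351:43593): arch=c000003e syscall=3 '
    'per=40000 success=yes exit=0 a0=5 a1=5 a2=556213b6d6bc a3=7f483b98bcc0 '
    'items=0 ppid=2653 pid=2655 auid=1000 uid=1000 gid=1000 euid=1000 '
    'suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=3 '
    'comm="gdb" exe="/usr/bin/gdb" key=(null)')
# Constructed record (not from the thread): 32-bit base plus one flag.
CONSTRUCTED = 'type=SYSCALL msg=audit(1.000:1): syscall=3 per=400008 success=yes'

if __name__ == "__main__":
    for rec in (THREAD_RECORD, CONSTRUCTED):
        print(decode_per(rec))
```

For the record posted in this thread the function returns PER_LINUX with the ADDR_NO_RANDOMIZE flag set.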