Red Hat Bugzilla – Attachment 847154 Details for Bug 1049925: ausearch issues found by ausearch-test
Audit log file used for testing
audit.log (text/x-log), 7.62 KB, created by Ondrej Moriš on 2014-01-08 13:54:58 UTC
>type=CRED_ACQ msg=audit(1389178565.405:70): pid=11200 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=dhcp-24-117.brq.redhat.com addr=10.34.24.117 terminal=ssh res=success'
>type=CRED_DISP msg=audit(1389178862.053:84): pid=11253 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
>type=CRED_REFR msg=audit(1389178565.774:78): pid=11203 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=dhcp-24-117.brq.redhat.com addr=10.34.24.117 terminal=ssh res=success'
>type=CRYPTO_KEY_USER msg=audit(1389178561.086:61): pid=11201 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=9b:ad:ac:4b:d3:a7:36:c1:33:2e:22:78:bd:89:8b:7d direction=? spid=11201 suid=0 exe="/usr/sbin/sshd" hostname=? addr=10.34.24.117 terminal=? res=success'
>type=CRYPTO_SESSION msg=audit(1389178561.251:63): pid=11200 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 mac=hmac-md5 spid=11201 suid=74 rport=33649 laddr=10.16.64.133 lport exe="/usr/sbin/sshd" hostname=? addr=10.34.24.117 terminal=? res=success'
>type=LOGIN msg=audit(1389178565.405:71): login pid=11200 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1
>type=SERVICE_START msg=audit(1389175651.584:57): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-readahead-done" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
>type=SERVICE_STOP msg=audit(1389175651.584:58): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-readahead-done" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
>type=USER_ACCT msg=audit(1389178565.382:67): pid=11200 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=dhcp-24-117.brq.redhat.com addr=10.34.24.117 terminal=ssh res=success'
>type=USER_AUTH msg=audit(1389178565.320:65): pid=11200 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=33649 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.34.24.117 terminal=? res=success'
>type=USER_END msg=audit(1389178862.057:85): pid=11253 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
>type=USER_LOGIN msg=audit(1389178565.770:74): pid=11203 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=dhcp-24-117.brq.redhat.com addr=10.34.24.117 terminal=/dev/pts/0 res=success'
>type=USER_ROLE_CHANGE msg=audit(1389178565.532:72): pid=11200 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=dhcp-24-117.brq.redhat.com addr=10.34.24.117 terminal=ssh res=success'
>type=USER_START msg=audit(1389178565.593:73): pid=11200 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=dhcp-24-117.brq.redhat.com addr=10.34.24.117 terminal=ssh res=success'
>type=ADD_GROUP msg=audit(1314787251.497:65472): user pid=1533 uid=0 auid=0 ses=3822 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding group acct="tbird" exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/4 res=success'
>type=ADD_USER msg=audit(1314787252.383:65473): user pid=1533 uid=0 auid=0 ses=3822 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user id=506 exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/4 res=success'
>type=ANOM_ABEND msg=audit(1314790971.983:65635): auid=0 uid=506 gid=507 ses=3822 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=3255 comm="gnome-screensav" sig=6
>type=AVC msg=audit(1314775502.467:64991): avc: denied { read } for pid=24194 comm="cat" name="log" dev=cciss/c0d0p2 ino=2433983 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
>type=SYSCALL msg=audit(1314775502.467:64991): arch=c000003e syscall=2 success=no exit=-13 a0=7fff9e8c0e29 a1=0 a2=7fff9e8bf2a0 a3=a items=0 ppid=24193 pid=24194 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3749 comm="cat" exe="/bin/cat" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
>type=CONFIG_CHANGE msg=audit(1314779714.372:65167): audit_backlog_limit=320 old=320 auid=0 ses=3778 subj=unconfined_u:system_r:auditctl_t:s0 res=1
>type=SYSCALL msg=audit(1314861302.426:41887): arch=c000003e syscall=2 success=no exit=-13 a0=7fa7a7fff12b a1=80000 a2=1b6 a3=0 items=1 ppid=25218 pid=25224 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=316 comm="logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key="access"
>type=CWD msg=audit(1314861302.426:41887): cwd="/"
>type=PATH msg=audit(1314861302.426:41887): item=0 name="/etc/shadow" inode=918088 dev=fd:00 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0
>type=DAEMON_END msg=audit(1314779714.168:8516): auditd normal halt, sending auid=0 pid=1683 subj=unconfined_u:system_r:initrc_t:s0 res=success
>type=DAEMON_START msg=audit(1314779714.266:4877): auditd start, ver=2.1.3 format=raw kernel=2.6.32-131.12.1.el6.x86_64 auid=0 pid=1703 subj=unconfined_u:system_r:auditd_t:s0 res=success
>type=DEL_GROUP msg=audit(1314799126.386:65936): user pid=22019 uid=0 auid=0 ses=3822 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=deleting group acct="tbird" exe="/usr/sbin/userdel" hostname=? addr=? terminal=pts/12 res=success'
>type=DEL_USER msg=audit(1314799126.374:65935): user pid=22019 uid=0 auid=0 ses=3822 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=deleting user entries id=506 exe="/usr/sbin/userdel" hostname=? addr=? terminal=pts/12 res=success'
>type=USER_CHAUTHTOK msg=audit(1314787262.367:65475): user pid=1541 uid=0 auid=0 ses=3822 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 msg='op=PAM:chauthtok acct="tbird" exe="/usr/bin/passwd" hostname=? addr=? terminal=pts/4 res=success'
>type=USER_ERR msg=audit(1314797464.990:65860): user pid=21414 uid=0 auid=0 ses=1445 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident acct="?" exe="/usr/sbin/sshd" hostname=vpn-10-223.rdu.redhat.com addr=10.11.10.223 terminal=ssh res=failed'
>type=USER_LOGOUT msg=audit(1314778162.015:65081): user pid=2028 uid=0 auid=0 ses=3319 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/4 res=success'
>type=SYSCALL msg=audit(1175763155.131:66873): arch=c000003e syscall=4 success=no exit=-13 a0=1f849b20 a1=7fff97a49840 a2=7fff97a49840 a3=1f849b20 items=1 ppid=30441 pid=30443 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python" subj=user_u:system_r:auditd_t:s0 key=(null)
>type=AVC_PATH msg=audit(1175763155.131:66873): path="/var/run/audit_events"
>type=CWD msg=audit(1175763155.131:66873): cwd="/"
>type=PATH msg=audit(1175763155.131:66873): item=0 name="/var/run/audit_events" inode=2097204 dev=fd:00 mode=0140755 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:var_run_t:s0