janware/jw-devtest
1
mirror of ssh://git.janware.com/srv/git/janware/proj/jw-devtest synced 2026-01-15 02:22:56 +01:00
Code Releases Activity
jw-devtest/test/audit/ausearch.log.ref
Jan Lindemann b5d849ce44 Add test/audit 
Signed-off-by: Jan Lindemann <jan@janware.com>
2025-11-17 11:12:27 +01:00

59 lines
9 KiB
Text
Raw Blame History

# ausearch --interpret
# features: v2.3 audit default
{"types": ["CONFIG_CHANGE"]}
{"types": ["DAEMON_START"]}
{"types": ["NETFILTER_CFG"]}
{"types": ["PROCTITLE", "SYSCALL", "ANOM_PROMISCUOUS"], "proctitle": "/usr/bin/pniod", "syscall": "setsockopt", "exit": "0"}
{"types": ["PROCTITLE", "OBJ_PID", "SYSCALL"], "proctitle": "/lib/systemd/systemd-journald", "syscall": "kill", "exit": "EPERM"} # ignore # this sometimes happens with T02.03.00.00_01.01.97 as well. TODO: Verify this
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_clock/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_lib_ring_buffer/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_block/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_compaction/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_ext4/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_gpio/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_i2c/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_irq/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_jbd2/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_kmem/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_module/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_napi/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_net/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_power/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_printk/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_random/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_rcu/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_regmap/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_sched/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_scsi/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_signal/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_skb/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_sock/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_statedump/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_sunrpc/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_timer/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_udp/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_vmscan/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_workqueue/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_client_discard/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_client_mmap_discard/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_client_mmap_overwrite/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_client_overwrite/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_metadata_client/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_metadata_mmap_client/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_statedump/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_tracer/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_wrapper/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/rcksapi/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/rcksapi_common/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/rcksapi_layer3/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/cdb_upgrade_mgr", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/csrp_confd_phase_sync", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/device-panel", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/dmfd", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/ethernetip", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/iec61850", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/pniod", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/switch-mgmt", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/sbin/cmd", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/sbin/logstoraged", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "cdb_upgrade_mgr", "syscall": "futex", "exit": "EPERM"} # ignore # doesn't seem to be always there
View git blame Copy permalink