
audit!

audit is an auditing framework that provides a CAPP-compliant (Controlled Access Protection Profile) monitoring system, reliably collecting information about the events that occur on a system. It can help you track the actions performed on the system. It can make your system more secure by providing those details, but it does not by itself protect the system from faults.

For example, the journal output below shows the audit record (ANOM_ABEND, type=1701) emitted when mount.exfat aborted, followed by the SERVICE_START/SERVICE_STOP records for the systemd-coredump unit that handled it:

(total events = 1202)
624 18:13:53 t470p kernel: CPU2: Core temperature/speed normal
624 18:13:53 t470p kernel: CPU6: Core temperature/speed normal
624 18:13:53 t470p kernel: CPU2: Package temperature/speed normal
624 18:13:53 t470p kernel: CPU6: Package temperature/speed normal
624 18:13:53 t470p kernel: CPU1: Package temperature/speed normal
624 18:13:53 t470p kernel: CPU0: Package temperature/speed normal
624 18:13:53 t470p kernel: CPU5: Package temperature/speed normal
624 18:13:53 t470p kernel: CPU7: Package temperature/speed normal
624 18:13:53 t470p kernel: CPU4: Package temperature/speed normal
624 18:13:53 t470p kernel: CPU3: Package temperature/speed normal
624 18:14:09 t470p mount.exfat[2730]: illegal UTF-16 sequence
624 18:14:09 t470p audit[2730]: ANOM_ABEND auid=1000 uid=0 gid=0 ses=2 pid=2730 comm="mount.exfat" exe="/usr/bin/mount.exfat-fuse" sig=6 res=1
624 18:14:09 t470p mount.exfat[2730]: failed to convert name to UTF-8
624 18:14:09 t470p kernel: audit: type=1701 audit(1592993649.131:74): auid=1000 uid=0 gid=0 ses=2 pid=2730 comm="mount.exfat" exe="/usr/bin/mount.exfat-fuse" sig=6 res=1
624 18:14:09 t470p systemd[1]: Created slice system-systemd\x2dcoredump.slice.
624 18:14:09 t470p systemd[1]: Started Process Core Dump (PID 2795/UID 0).
624 18:14:09 t470p audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@0-2795-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostn>
624 18:14:09 t470p kernel: audit: type=1130 audit(1592993649.151:75): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@0-2795-0 comm="systemd" exe="/usr>
624 18:14:09 t470p kdeinit5[1758]: "Could not enter folder /mnt/t5_1t/2t."
624 18:14:10 t470p systemd-coredump[2796]: Process 2730 (mount.exfat) of user 0 dumped core.

Stack trace of thread 2730:
#0 0x00007f567b053ce5 raise (libc.so.6 + 0x3bce5)
#1 0x00007f567b03d857 abort (libc.so.6 + 0x25857)
#2 0x0000564b036bf026 n/a (mount.exfat-fuse + 0x2026)
#3 0x0000564b036c5786 n/a (mount.exfat-fuse + 0x8786)
#4 0x0000564b036bf9bc n/a (mount.exfat-fuse + 0x29bc)
#5 0x00007f567b20e3c8 fuse_fs_readdir (libfuse.so.2 + 0xe3c8)
#6 0x00007f567b20e59a n/a (libfuse.so.2 + 0xe59a)
#7 0x00007f567b2153d2 n/a (libfuse.so.2 + 0x153d2)
#8 0x00007f567b2164eb n/a (libfuse.so.2 + 0x164eb)
#9 0x00007f567b212c75 fuse_session_loop (libfuse.so.2 + 0x12c75)
#10 0x00007f567b20ab80 fuse_loop (libfuse.so.2 + 0xab80)
#11 0x00007f567b21b709 n/a (libfuse.so.2 + 0x1b709)
#12 0x0000564b036bf39c n/a (mount.exfat-fuse + 0x239c)
#13 0x00007f567b03f023 __libc_start_main (libc.so.6 + 0x27023)
#14 0x0000564b036bf45e n/a (mount.exfat-fuse + 0x245e)
624 18:14:10 t470p systemd[1]: systemd-coredump@0-2795-0.service: Succeeded.
624 18:14:10 t470p kernel: audit: type=1131 audit(1592993650.121:76): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@0-2795-0 comm="systemd" exe="/usr>
