audit!
audit is an auditing framework that provides a CAPP-compliant (Controlled Access Protection Profile) monitoring system: it collects reliable information about security-relevant events on the system. It helps you trace the actions the system performs and makes the system more secure by providing detailed records of system activity. It does not, however, protect the system from faulty code by itself,
e.g.:
(total events = 1202)
6月 24 18:13:53 t470p kernel: CPU2: Core temperature/speed normal
6月 24 18:13:53 t470p kernel: CPU6: Core temperature/speed normal
6月 24 18:13:53 t470p kernel: CPU2: Package temperature/speed normal
6月 24 18:13:53 t470p kernel: CPU6: Package temperature/speed normal
6月 24 18:13:53 t470p kernel: CPU1: Package temperature/speed normal
6月 24 18:13:53 t470p kernel: CPU0: Package temperature/speed normal
6月 24 18:13:53 t470p kernel: CPU5: Package temperature/speed normal
6月 24 18:13:53 t470p kernel: CPU7: Package temperature/speed normal
6月 24 18:13:53 t470p kernel: CPU4: Package temperature/speed normal
6月 24 18:13:53 t470p kernel: CPU3: Package temperature/speed normal
6月 24 18:14:09 t470p mount.exfat[2730]: illegal UTF-16 sequence
6月 24 18:14:09 t470p audit[2730]: ANOM_ABEND auid=1000 uid=0 gid=0 ses=2 pid=2730 comm="mount.exfat" exe="/usr/bin/mount.exfat-fuse" sig=6 res=1
6月 24 18:14:09 t470p mount.exfat[2730]: failed to convert name to UTF-8
6月 24 18:14:09 t470p kernel: audit: type=1701 audit(1592993649.131:74): auid=1000 uid=0 gid=0 ses=2 pid=2730 comm="mount.exfat" exe="/usr/bin/mount.exfat-fuse" sig=6 res=1
6月 24 18:14:09 t470p systemd[1]: Created slice system-systemd\x2dcoredump.slice.
6月 24 18:14:09 t470p systemd[1]: Started Process Core Dump (PID 2795/UID 0).
6月 24 18:14:09 t470p audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@0-2795-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostn>
6月 24 18:14:09 t470p kernel: audit: type=1130 audit(1592993649.151:75): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@0-2795-0 comm="systemd" exe="/usr>
6月 24 18:14:09 t470p kdeinit5[1758]: "Could not enter folder /mnt/t5_1t/2t."
6月 24 18:14:10 t470p systemd-coredump[2796]: Process 2730 (mount.exfat) of user 0 dumped core.
Stack trace of thread 2730:
6月 24 18:14:10 t470p systemd[1]: systemd-coredump@0-2795-0.service: Succeeded.
6月 24 18:14:10 t470p kernel: audit: type=1131 audit(1592993650.121:76): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@0-2795-0 comm="systemd" exe="/usr>
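As an added example (not code from the original note), the following parser reads the two forms of audit record that appear in the excerpt above, the kernel printk form (`audit: type=1701 audit(<epoch>:<serial>): ...`) and the journald form (`audit[<pid>]: ANOM_ABEND ...`), and flags ANOM_ABEND records, which is how a process killed by a signal (here sig=6, SIGABRT, from mount.exfat) shows up in the audit trail. The function names, the sample lines (constructed from the excerpt) and the mapping of type numbers to names are this example's own assumptions.

```python
import re
from typing import Any, Dict, List, Optional

# Two shapes of audit record appear in the journal excerpt above:
#   kernel printk:   ... kernel: audit: type=1701 audit(1592993649.131:74): auid=1000 ...
#   journald/auditd: ... audit[2730]: ANOM_ABEND auid=1000 uid=0 ...
KERNEL_RE = re.compile(
    r"kernel: audit: type=(?P<num>\d+) audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$")
JOURNAL_RE = re.compile(r"audit\[\d+\]: (?P<name>[A-Z_]+) (?P<body>.*)$")
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')  # key=value or key="quoted value"

TYPE_NAMES = {1701: "ANOM_ABEND", 1130: "SERVICE_START", 1131: "SERVICE_STOP"}  # numbers seen above
UNSET_ID = 4294967295  # (uint32)-1: auid/ses "unset", i.e. work not tied to a login session

def parse_audit(line: str) -> Optional[Dict[str, Any]]:
    """Parse one journal line into a dict of audit fields; None for non-audit lines."""
    if (m := KERNEL_RE.search(line)):
        rec: Dict[str, Any] = {"type": TYPE_NAMES.get(int(m["num"]), m["num"]),
                               "ts": float(m["ts"]), "serial": int(m["serial"])}
    elif (m := JOURNAL_RE.search(line)):
        rec = {"type": m["name"], "ts": None, "serial": None}
    else:
        return None
    for key, raw, quoted in FIELD_RE.findall(m["body"]):
        # A value cut off by journalctl (e.g. exe="/usr>) has no closing quote; keep it raw.
        rec[key] = quoted if raw.startswith('"') and raw.endswith('"') else raw
    return rec

def find_abends(lines: List[str]) -> List[Dict[str, Any]]:
    """Detection: ANOM_ABEND records (a process killed by a signal), one hit per (pid, sig)
    even when both the kernel printk and the journald copy of the same record are present."""
    seen, hits = set(), []
    for line in lines:
        rec = parse_audit(line)
        if rec is None or rec["type"] != "ANOM_ABEND":
            continue
        key = (rec.get("pid"), rec.get("sig"))
        if key in seen:
            continue
        seen.add(key)
        auid = int(rec["auid"])
        hits.append({"pid": int(rec["pid"]), "sig": int(rec["sig"]), "comm": rec.get("comm"),
                     "exe": rec.get("exe"), "auid": auid, "from_login_session": auid != UNSET_ID})
    return hits

SAMPLE_LINES = [  # constructed from the journal excerpt on this page
    '6月 24 18:14:09 t470p audit[2730]: ANOM_ABEND auid=1000 uid=0 gid=0 ses=2 pid=2730 comm="mount.exfat" exe="/usr/bin/mount.exfat-fuse" sig=6 res=1',
    '6月 24 18:14:09 t470p kernel: audit: type=1701 audit(1592993649.131:74): auid=1000 uid=0 gid=0 ses=2 pid=2730 comm="mount.exfat" exe="/usr/bin/mount.exfat-fuse" sig=6 res=1',
    '6月 24 18:14:09 t470p kernel: audit: type=1130 audit(1592993649.151:75): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=\'unit=systemd-coredump@0-2795-0 comm="systemd" exe="/usr>',
    '6月 24 18:13:53 t470p kernel: CPU2: Core temperature/speed normal',
]
```

Running `find_abends(SAMPLE_LINES)` yields a single hit for pid 2730 with auid 1000, so the crash is attributable to the login session of uid 1000 even though the process ran as uid 0.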