Displaying 2 results from an estimated 2 matches for "zhcey0".
2007 Sep 29
0
Why are most audit events apparently non-attributable?
...nd is why these file deletions are non-attributable?
Surely if I sit there touching and removing files, the events should be
very cleary attributed to me? Even more strange is that the events look
like this:
header,130,10,unlink(2),0,Sat Sep 29 20:48:46 2007, + 957 msec
path,/var/tmp/vi.recover/vi.zhcey0
attribute,600,root,wheel,126,24774,98340
subject,-1,root,wheel,root,wheel,78355,0,0,0.0.0.0
return,success,0
trailer,130
To me, that looks like the event was attributed to 'root', so why does
it only appear when using 'naflags' ie. non attributable events?
Perhaps I misunderstand...
2007 Sep 29
0
Why are audit events apparently non-attributable?
...nd is why these file deletions are non-attributable?
Surely if I sit there touching and removing files, the events should be
very cleary attributed to me? Even more strange is that the events look
like this:
header,130,10,unlink(2),0,Sat Sep 29 20:48:46 2007, + 957 msec
path,/var/tmp/vi.recover/vi.zhcey0
attribute,600,root,wheel,126,24774,98340
subject,-1,root,wheel,root,wheel,78355,0,0,0.0.0.0
return,success,0
trailer,130
To me, that looks like the event was attributed to 'root', so why does
it only appear when using 'naflags' ie. non attributable events?
Perhaps I misunderstand...