Date: Fri, 23 Oct 2020 10:21:54 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 249179] Several audit framework/tool issues Message-ID: <bug-249179-227-XYr2KNzZYc@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-249179-227@https.bugs.freebsd.org/bugzilla/> References: <bug-249179-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249179 --- Comment #3 from Eirik Oeverby <ltning-freebsd@anduin.net> --- Is this still not fixed for 12.2? May I point out that the audit framework seems to be more-or-less non-functional at the moment? Successful execs aren't picked up by e.g. bsmtrace, presumably because of this. Example output from praudit: header_ex,132,11,execve(2),0,10.1.10.10,Fri Oct 23 10:17:36 2020, + 944 msec exec arg,./t.sh path,/tmp/./t.sh attribute,755,root,0,968485463,32027,2160726950 subject,ltning,root,0,root,0,83815,83621,61751,192.168.127.2 return,failure: Unknown error: 201,4294967295 trailer,132 Content of /tmp/t.sh: -- #!/bin/sh echo "illegal stuff" -- -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-249179-227-XYr2KNzZYc>