audit_tool Q
From: dompie (kdom@mail.mobistar.be)
Date: 04/11/03
- Next message: pat saunders: "-D A_OSF"
- Previous message: Liu: "Re: RAID performance question on Tru64"
- Next in thread: Nikola Milutinovic: "Re: audit_tool Q"
- Reply: Nikola Milutinovic: "Re: audit_tool Q"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: kdom@mail.mobistar.be (dompie) Date: 11 Apr 2003 05:47:37 -0700
Hi,
I have the following entry in the audit_log:
"
audit_id: 0 ruid/euid: 0/0
pid: 10076 ppid: 9956 cttydev: (6,1)
event: open
char param: /unicenter/em/scripts/unifstat.awk
flags: 0 : read
parent ino: 1198
inode id: 1224 inode dev: (2659,253641) [regular file]
object mode: 0555
result: 3 (0x3)
cpu, seq#: 0x0, 34774
ip address: 175.175.16.152 (lebrun)
timestamp: Fri Apr 11 14:00:05.71 2003 CEST
"
I there a way that I can know on what TTY this command has been
launched?
This way I can use the 'w' cmd with 'ps' to get person that logged on
'root' and typed that command.
(what's does the cttydev field mean?)
Any help much appreciated!
Kd
- Next message: pat saunders: "-D A_OSF"
- Previous message: Liu: "Re: RAID performance question on Tru64"
- Next in thread: Nikola Milutinovic: "Re: audit_tool Q"
- Reply: Nikola Milutinovic: "Re: audit_tool Q"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
