From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Paris Subject: Re: [PATCH 1/2] Audit: break up execve arguments into multiple records Date: Wed, 03 Oct 2007 13:44:34 -0400 Message-ID: <1191433474.9506.41.camel@localhost.localdomain> References: <1191360334.9506.28.camel@localhost.localdomain> <200710031313.58678.sgrubb@redhat.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-ojthau3WDEaqi40ZLcZM" Return-path: In-Reply-To: <200710031313.58678.sgrubb@redhat.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com --=-ojthau3WDEaqi40ZLcZM Content-Type: text/plain Content-Transfer-Encoding: 7bit On Wed, 2007-10-03 at 13:13 -0400, Steve Grubb wrote: > On Tuesday 02 October 2007 17:25:34 Eric Paris wrote: > > Break the auditing of execve arguments into smaller records if there are > > a lot. > > Do you have an example of what the event would look like with this patch > applied? > > Thanks, > -Steve attached is a log with about 1200 arguments. My first attachment was of a single execve with about 800k worth of arguments! But it was rather large and list wouldn't have liked it. Hopefully this attachment is still big enough to amaze and small enough to download *smile* -Eric --=-ojthau3WDEaqi40ZLcZM Content-Disposition: attachment; filename=audit.log Content-Type: text/x-log; name=audit.log; charset=utf-8 Content-Transfer-Encoding: quoted-printable type=3DCONFIG_CHANGE msg=3Daudit(1191433486.837:3358): auid=3D0 subj=3Droot= :system_r:auditctl_t:s0-s0:c0.c1023 op=3Dremove rule key=3D(null) list=3D4 = res=3D1 type=3DCONFIG_CHANGE msg=3Daudit(1191433509.993:3359): auid=3D0 subj=3Droot= :system_r:auditctl_t:s0-s0:c0.c1023 op=3Dadd rule key=3D(null) list=3D4 res= =3D1 type=3DSYSCALL msg=3Daudit(1191433516.461:3360): arch=3Dc000003e syscall=3D= 59 success=3Dyes exit=3D0 a0=3D702b70 a1=3D71ec10 a2=3D7028f0 a3=3D0 items= =3D2 ppid=3D5958 pid=3D17956 auid=3D0 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsu= id=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3Dpts0 comm=3D"ls" exe=3D"/bin/ls" s= ubj=3Droot:system_r:unconfined_t:s0-s0:c0.c1023 key=3D(null) type=3DEXECVE msg=3Daudit(1191433516.461:3360): a0=3D"ls" a1=3D"--color=3Dt= ty" a2=3D"dir10/file1" a3=3D"dir10/file10" a4=3D"dir10/file11" a5=3D"dir10/= file12" a6=3D"dir10/file13" a7=3D"dir10/file14" a8=3D"dir10/file15" a9=3D"d= ir10/file16" a10=3D"dir10/file17" a11=3D"dir10/file18" a12=3D"dir10/file19"= a13=3D"dir10/file2" a14=3D"dir10/file20" a15=3D"dir10/file21" a16=3D"dir10= /file22" a17=3D"dir10/file23" a18=3D"dir10/file24" a19=3D"dir10/file25" a20= =3D"dir10/file26" a21=3D"dir10/file27" a22=3D"dir10/file28" a23=3D"dir10/fi= le29" a24=3D"dir10/file3" a25=3D"dir10/file30" a26=3D"dir10/file31" a27=3D"= dir10/file32" a28=3D"dir10/file33" a29=3D"dir10/file34" a30=3D"dir10/file35= " a31=3D"dir10/file36" a32=3D"dir10/file37" a33=3D"dir10/file38" a34=3D"dir= 10/file39" a35=3D"dir10/file4" a36=3D"dir10/file40" a37=3D"dir10/file41" a3= 8=3D"dir10/file42" a39=3D"dir10/file43" a40=3D"dir10/file44" a41=3D"dir10/f= ile45" a42=3D"dir10/file46" a43=3D"dir10/file47" a44=3D"dir10/file48" a45= =3D"dir10/file49" a46=3D"dir10/file5" a47=3D"dir10/file50" a48=3D"dir10/fil= e6" a49=3D"dir10/file7" a50=3D"dir10/file8" a51=3D"dir10/file9" a52=3D"dir1= 1/file1" a53=3D"dir11/file10" a54=3D"dir11/file11" a55=3D"dir11/file12" a56= =3D"dir11/file13" a57=3D"dir11/file14" a58=3D"dir11/file15" a59=3D"dir11/fi= le16" a60=3D"dir11/file17" a61=3D"dir11/file18" a62=3D"dir11/file19" a63=3D= "dir11/file2" a64=3D"dir11/file20" a65=3D"dir11/file21" a66=3D"dir11/file22= " a67=3D"dir11/file23" a68=3D"dir11/file24" a69=3D"dir11/file25" a70=3D"dir= 11/file26" a71=3D"dir11/file27" a72=3D"dir11/file28" a73=3D"dir11/file29" a= 74=3D"dir11/file3" a75=3D"dir11/file30" a76=3D"dir11/file31" a77=3D"dir11/f= ile32" a78=3D"dir11/file33" a79=3D"dir11/file34" a80=3D"dir11/file35" a81= =3D"dir11/file36" a82=3D"dir11/file37" a83=3D"dir11/file38" a84=3D"dir11/fi= le39" a85=3D"dir11/file4" a86=3D"dir11/file40" a87=3D"dir11/file41" a88=3D"= dir11/file42" a89=3D"dir11/file43" a90=3D"dir11/file44" a91=3D"dir11/file45= " a92=3D"dir11/file46" a93=3D"dir11/file47" a94=3D"dir11/file48" a95=3D"dir= 11/file49" a96=3D"dir11/file5" a97=3D"dir11/file50" a98=3D"dir11/file6" a99= =3D"dir11/file7" a100=3D"dir11/file8" a101=3D"dir11/file9" a102=3D"dir12/fi= le1" a103=3D"dir12/file10" a104=3D"dir12/file11" a105=3D"dir12/file12" a106= =3D"dir12/file13" a107=3D"dir12/file14" a108=3D"dir12/file15" a109=3D"dir12= /file16" a110=3D"dir12/file17" a111=3D"dir12/file18" a112=3D"dir12/file19" = a113=3D"dir12/file2" a114=3D"dir12/file20" a115=3D"dir12/file21" a116=3D"di= r12/file22" a117=3D"dir12/file23" a118=3D"dir12/file24" a119=3D"dir12/file2= 5" a120=3D"dir12/file26" a121=3D"dir12/file27" a122=3D"dir12/file28" a123= =3D"dir12/file29" a124=3D"dir12/file3" a125=3D"dir12/file30" a126=3D"dir12/= file31" a127=3D"dir12/file32" a128=3D"dir12/file33" a129=3D"dir12/file34" a= 130=3D"dir12/file35" a131=3D"dir12/file36" a132=3D"dir12/file37" a133=3D"di= r12/file38" a134=3D"dir12/file39" a135=3D"dir12/file4" a136=3D"dir12/file40= " a137=3D"dir12/file41" a138=3D"dir12/file42" a139=3D"dir12/file43" a140=3D= "dir12/file44" a141=3D"dir12/file45" a142=3D"dir12/file46" a143=3D"dir12/fi= le47" a144=3D"dir12/file48" a145=3D"dir12/file49" a146=3D"dir12/file5" a147= =3D"dir12/file50" a148=3D"dir12/file6" a149=3D"dir12/file7" a150=3D"dir12/f= ile8" a151=3D"dir12/file9" a152=3D"dir13/file1" a153=3D"dir13/file10" a154= =3D"dir13/file11" a155=3D"dir13/file12" a156=3D"dir13/file13" a157=3D"dir13= /file14" a158=3D"dir13/file15" a159=3D"dir13/file16" a160=3D"dir13/file17" = a161=3D"dir13/file18" a162=3D"dir13/file19" a163=3D"dir13/file2" a164=3D"di= r13/file20" a165=3D"dir13/file21" a166=3D"dir13/file22" a167=3D"dir13/file2= 3" a168=3D"dir13/file24" a169=3D"dir13/file25" a170=3D"dir13/file26" a171= =3D"dir13/file27" a172=3D"dir13/file28" a173=3D"dir13/file29" a174=3D"dir13= /file3" a175=3D"dir13/file30" a176=3D"dir13/file31" a177=3D"dir13/file32" a= 178=3D"dir13/file33" a179=3D"dir13/file34" a180=3D"dir13/file35" a181=3D"di= r13/file36" a182=3D"dir13/file37" a183=3D"dir13/file38" a184=3D"dir13/file3= 9" a185=3D"dir13/file4" a186=3D"dir13/file40" a187=3D"dir13/file41" a188=3D= "dir13/file42" a189=3D"dir13/file43" a190=3D"dir13/file44" a191=3D"dir13/fi= le45" a192=3D"dir13/file46" a193=3D"dir13/file47" a194=3D"dir13/file48" a19= 5=3D"dir13/file49" a196=3D"dir13/file5" a197=3D"dir13/file50" a198=3D"dir13= /file6" a199=3D"dir13/file7" a200=3D"dir13/file8" a201=3D"dir13/file9" a202= =3D"dir14/file1" a203=3D"dir14/file10" a204=3D"dir14/file11" a205=3D"dir14/= file12" a206=3D"dir14/file13" a207=3D"dir14/file14" a208=3D"dir14/file15" a= 209=3D"dir14/file16" a210=3D"dir14/file17" a211=3D"dir14/file18" a212=3D"di= r14/file19" a213=3D"dir14/file2" a214=3D"dir14/file20" a215=3D"dir14/file21= " a216=3D"dir14/file22" a217=3D"dir14/file23" a218=3D"dir14/file24" a219=3D= "dir14/file25" a220=3D"dir14/file26" a221=3D"dir14/file27" a222=3D"dir14/fi= le28" a223=3D"dir14/file29" a224=3D"dir14/file3" a225=3D"dir14/file30" a226= =3D"dir14/file31" a227=3D"dir14/file32" a228=3D"dir14/file33" a229=3D"dir14= /file34" a230=3D"dir14/file35" a231=3D"dir14/file36" a232=3D"dir14/file37" = a233=3D"dir14/file38" a234=3D"dir14/file39" a235=3D"dir14/file4" a236=3D"di= r14/file40" a237=3D"dir14/file41" a238=3D"dir14/file42" a239=3D"dir14/file4= 3" a240=3D"dir14/file44" a241=3D"dir14/file45" a242=3D"dir14/file46" a243= =3D"dir14/file47" a244=3D"dir14/file48" a245=3D"dir14/file49" a246=3D"dir14= /file5" a247=3D"dir14/file50" a248=3D"dir14/file6" a249=3D"dir14/file7" a25= 0=3D"dir14/file8" a251=3D"dir14/file9" a252=3D"dir15/file1" a253=3D"dir15/f= ile10" a254=3D"dir15/file11" a255=3D"dir15/file12" a256=3D"dir15/file13" a2= 57=3D"dir15/file14" a258=3D"dir15/file15" a259=3D"dir15/file16" a260=3D"dir= 15/file17" a261=3D"dir15/file18" a262=3D"dir15/file19" a263=3D"dir15/file2"= a264=3D"dir15/file20" a265=3D"dir15/file21" a266=3D"dir15/file22" a267=3D"= dir15/file23" a268=3D"dir15/file24" a269=3D"dir15/file25" a270=3D"dir15/fil= e26" a271=3D"dir15/file27" a272=3D"dir15/file28" a273=3D"dir15/file29" a274= =3D"dir15/file3" a275=3D"dir15/file30" a276=3D"dir15/file31" a277=3D"dir15/= file32" a278=3D"dir15/file33" a279=3D"dir15/file34" a280=3D"dir15/file35" a= 281=3D"dir15/file36" a282=3D"dir15/file37" a283=3D"dir15/file38" a284=3D"di= r15/file39" a285=3D"dir15/file4" a286=3D"dir15/file40" a287=3D"dir15/file41= " a288=3D"dir15/file42" a289=3D"dir15/file43" a290=3D"dir15/file44" a291=3D= "dir15/file45" a292=3D"dir15/file46" a293=3D"dir15/file47" a294=3D"dir15/fi= le48" a295=3D"dir15/file49" a296=3D"dir15/file5" a297=3D"dir15/file50" a298= =3D"dir15/file6" a299=3D"dir15/file7" a300=3D"dir15/file8" a301=3D"dir15/fi= le9" a302=3D"dir16/file1" a303=3D"dir16/file10" a304=3D"dir16/file11" a305= =3D"dir16/file12" a306=3D"dir16/file13" a307=3D"dir16/file14" a308=3D"dir16= /file15" a309=3D"dir16/file16" a310=3D"dir16/file17" a311=3D"dir16/file18" = a312=3D"dir16/file19" a313=3D"dir16/file2" a314=3D"dir16/file20" a315=3D"di= r16/file21" a316=3D"dir16/file22" a317=3D"dir16/file23" a318=3D"dir16/file2= 4" a319=3D"dir16/file25" a320=3D"dir16/file26" a321=3D"dir16/file27" a322= =3D"dir16/file28" a323=3D"dir16/file29" a324=3D"dir16/file3" a325=3D"dir16/= file30" a326=3D"dir16/file31" a327=3D"dir16/file32" a328=3D"dir16/file33" a= 329=3D"dir16/file34" a330=3D"dir16/file35" a331=3D"dir16/file36" a332=3D"di= r16/file37" a333=3D"dir16/file38" a334=3D"dir16/file39" a335=3D"dir16/file4= " a336=3D"dir16/file40" a337=3D"dir16/file41" a338=3D"dir16/file42" a339=3D= "dir16/file43" a340=3D"dir16/file44" a341=3D"dir16/file45" a342=3D"dir16/fi= le46" a343=3D"dir16/file47" a344=3D"dir16/file48" a345=3D"dir16/file49" a34= 6=3D"dir16/file5" a347=3D"dir16/file50" a348=3D"dir16/file6" a349=3D"dir16/= file7" a350=3D"dir16/file8" a351=3D"dir16/file9" a352=3D"dir17/file1" a353= =3D"dir17/file10" a354=3D"dir17/file11" a355=3D"dir17/file12" a356=3D"dir17= /file13" a357=3D"dir17/file14" a358=3D"dir17/file15" a359=3D"dir17/file16" = a360=3D"dir17/file17" a361=3D"dir17/file18" a362=3D"dir17/file19" a363=3D"d= ir17/file2" a364=3D"dir17/file20" a365=3D"dir17/file21" a366=3D"dir17/file2= 2" a367=3D"dir17/file23" a368=3D"dir17/file24" a369=3D"dir17/file25" a370= =3D"dir17/file26" a371=3D"dir17/file27" a372=3D"dir17/file28" a373=3D"dir17= /file29" a374=3D"dir17/file3" a375=3D"dir17/file30" a376=3D"dir17/file31" a= 377=3D"dir17/file32" a378=3D"dir17/file33" a379=3D"dir17/file34" a380=3D"di= r17/file35" a381=3D"dir17/file36" a382=3D"dir17/file37" a383=3D"dir17/file3= 8" a384=3D"dir17/file39" a385=3D"dir17/file4" a386=3D"dir17/file40" a387=3D= "dir17/file41" a388=3D"dir17/file42" a389=3D"dir17/file43" a390=3D"dir17/fi= le44" a391=3D"dir17/file45" a392=3D"dir17/file46" a393=3D"dir17/file47" a39= 4=3D"dir17/file48" a395=3D"dir17/file49" a396=3D"dir17/file5" a397=3D"dir17= /file50" a398=3D"dir17/file6" a399=3D"dir17/file7" a400=3D"dir17/file8" a40= 1=3D"dir17/file9" a402=3D"dir18/file1" a403=3D"dir18/file10"=20 type=3DEXECVE msg=3Daudit(1191433516.461:3360): a404=3D"dir18/file11" a405= =3D"dir18/file12" a406=3D"dir18/file13" a407=3D"dir18/file14" a408=3D"dir18= /file15" a409=3D"dir18/file16" a410=3D"dir18/file17" a411=3D"dir18/file18" = a412=3D"dir18/file19" a413=3D"dir18/file2" a414=3D"dir18/file20" a415=3D"di= r18/file21" a416=3D"dir18/file22" a417=3D"dir18/file23" a418=3D"dir18/file2= 4" a419=3D"dir18/file25" a420=3D"dir18/file26" a421=3D"dir18/file27" a422= =3D"dir18/file28" a423=3D"dir18/file29" a424=3D"dir18/file3" a425=3D"dir18/= file30" a426=3D"dir18/file31" a427=3D"dir18/file32" a428=3D"dir18/file33" a= 429=3D"dir18/file34" a430=3D"dir18/file35" a431=3D"dir18/file36" a432=3D"di= r18/file37" a433=3D"dir18/file38" a434=3D"dir18/file39" a435=3D"dir18/file4= " a436=3D"dir18/file40" a437=3D"dir18/file41" a438=3D"dir18/file42" a439=3D= "dir18/file43" a440=3D"dir18/file44" a441=3D"dir18/file45" a442=3D"dir18/fi= le46" a443=3D"dir18/file47" a444=3D"dir18/file48" a445=3D"dir18/file49" a44= 6=3D"dir18/file5" a447=3D"dir18/file50" a448=3D"dir18/file6" a449=3D"dir18/= file7" a450=3D"dir18/file8" a451=3D"dir18/file9" a452=3D"dir19/file1" a453= =3D"dir19/file10" a454=3D"dir19/file11" a455=3D"dir19/file12" a456=3D"dir19= /file13" a457=3D"dir19/file14" a458=3D"dir19/file15" a459=3D"dir19/file16" = a460=3D"dir19/file17" a461=3D"dir19/file18" a462=3D"dir19/file19" a463=3D"d= ir19/file2" a464=3D"dir19/file20" a465=3D"dir19/file21" a466=3D"dir19/file2= 2" a467=3D"dir19/file23" a468=3D"dir19/file24" a469=3D"dir19/file25" a470= =3D"dir19/file26" a471=3D"dir19/file27" a472=3D"dir19/file28" a473=3D"dir19= /file29" a474=3D"dir19/file3" a475=3D"dir19/file30" a476=3D"dir19/file31" a= 477=3D"dir19/file32" a478=3D"dir19/file33" a479=3D"dir19/file34" a480=3D"di= r19/file35" a481=3D"dir19/file36" a482=3D"dir19/file37" a483=3D"dir19/file3= 8" a484=3D"dir19/file39" a485=3D"dir19/file4" a486=3D"dir19/file40" a487=3D= "dir19/file41" a488=3D"dir19/file42" a489=3D"dir19/file43" a490=3D"dir19/fi= le44" a491=3D"dir19/file45" a492=3D"dir19/file46" a493=3D"dir19/file47" a49= 4=3D"dir19/file48" a495=3D"dir19/file49" a496=3D"dir19/file5" a497=3D"dir19= /file50" a498=3D"dir19/file6" a499=3D"dir19/file7" a500=3D"dir19/file8" a50= 1=3D"dir19/file9" a502=3D"dir1/file1" a503=3D"dir1/file10" a504=3D"dir1/fil= e11" a505=3D"dir1/file12" a506=3D"dir1/file13" a507=3D"dir1/file14" a508=3D= "dir1/file15" a509=3D"dir1/file16" a510=3D"dir1/file17" a511=3D"dir1/file18= " a512=3D"dir1/file19" a513=3D"dir1/file2" a514=3D"dir1/file20" a515=3D"dir= 1/file21" a516=3D"dir1/file22" a517=3D"dir1/file23" a518=3D"dir1/file24" a5= 19=3D"dir1/file25" a520=3D"dir1/file26" a521=3D"dir1/file27" a522=3D"dir1/f= ile28" a523=3D"dir1/file29" a524=3D"dir1/file3" a525=3D"dir1/file30" a526= =3D"dir1/file31" a527=3D"dir1/file32" a528=3D"dir1/file33" a529=3D"dir1/fil= e34" a530=3D"dir1/file35" a531=3D"dir1/file36" a532=3D"dir1/file37" a533=3D= "dir1/file38" a534=3D"dir1/file39" a535=3D"dir1/file4" a536=3D"dir1/file40"= a537=3D"dir1/file41" a538=3D"dir1/file42" a539=3D"dir1/file43" a540=3D"dir= 1/file44" a541=3D"dir1/file45" a542=3D"dir1/file46" a543=3D"dir1/file47" a5= 44=3D"dir1/file48" a545=3D"dir1/file49" a546=3D"dir1/file5" a547=3D"dir1/fi= le50" a548=3D"dir1/file6" a549=3D"dir1/file7" a550=3D"dir1/file8" a551=3D"d= ir1/file9" a552=3D"dir20/file1" a553=3D"dir20/file10" a554=3D"dir20/file11"= a555=3D"dir20/file12" a556=3D"dir20/file13" a557=3D"dir20/file14" a558=3D"= dir20/file15" a559=3D"dir20/file16" a560=3D"dir20/file17" a561=3D"dir20/fil= e18" a562=3D"dir20/file19" a563=3D"dir20/file2" a564=3D"dir20/file20" a565= =3D"dir20/file21" a566=3D"dir20/file22" a567=3D"dir20/file23" a568=3D"dir20= /file24" a569=3D"dir20/file25" a570=3D"dir20/file26" a571=3D"dir20/file27" = a572=3D"dir20/file28" a573=3D"dir20/file29" a574=3D"dir20/file3" a575=3D"di= r20/file30" a576=3D"dir20/file31" a577=3D"dir20/file32" a578=3D"dir20/file3= 3" a579=3D"dir20/file34" a580=3D"dir20/file35" a581=3D"dir20/file36" a582= =3D"dir20/file37" a583=3D"dir20/file38" a584=3D"dir20/file39" a585=3D"dir20= /file4" a586=3D"dir20/file40" a587=3D"dir20/file41" a588=3D"dir20/file42" a= 589=3D"dir20/file43" a590=3D"dir20/file44" a591=3D"dir20/file45" a592=3D"di= r20/file46" a593=3D"dir20/file47" a594=3D"dir20/file48" a595=3D"dir20/file4= 9" a596=3D"dir20/file5" a597=3D"dir20/file50" a598=3D"dir20/file6" a599=3D"= dir20/file7" a600=3D"dir20/file8" a601=3D"dir20/file9" a602=3D"dir21/file1"= a603=3D"dir21/file10" a604=3D"dir21/file11" a605=3D"dir21/file12" a606=3D"= dir21/file13" a607=3D"dir21/file14" a608=3D"dir21/file15" a609=3D"dir21/fil= e16" a610=3D"dir21/file17" a611=3D"dir21/file18" a612=3D"dir21/file19" a613= =3D"dir21/file2" a614=3D"dir21/file20" a615=3D"dir21/file21" a616=3D"dir21/= file22" a617=3D"dir21/file23" a618=3D"dir21/file24" a619=3D"dir21/file25" a= 620=3D"dir21/file26" a621=3D"dir21/file27" a622=3D"dir21/file28" a623=3D"di= r21/file29" a624=3D"dir21/file3" a625=3D"dir21/file30" a626=3D"dir21/file31= " a627=3D"dir21/file32" a628=3D"dir21/file33" a629=3D"dir21/file34" a630=3D= "dir21/file35" a631=3D"dir21/file36" a632=3D"dir21/file37" a633=3D"dir21/fi= le38" a634=3D"dir21/file39" a635=3D"dir21/file4" a636=3D"dir21/file40" a637= =3D"dir21/file41" a638=3D"dir21/file42" a639=3D"dir21/file43" a640=3D"dir21= /file44" a641=3D"dir21/file45" a642=3D"dir21/file46" a643=3D"dir21/file47" = a644=3D"dir21/file48" a645=3D"dir21/file49" a646=3D"dir21/file5" a647=3D"di= r21/file50" a648=3D"dir21/file6" a649=3D"dir21/file7" a650=3D"dir21/file8" = a651=3D"dir21/file9" a652=3D"dir22/file1" a653=3D"dir22/file10" a654=3D"dir= 22/file11" a655=3D"dir22/file12" a656=3D"dir22/file13" a657=3D"dir22/file14= " a658=3D"dir22/file15" a659=3D"dir22/file16" a660=3D"dir22/file17" a661=3D= "dir22/file18" a662=3D"dir22/file19" a663=3D"dir22/file2" a664=3D"dir22/fil= e20" a665=3D"dir22/file21" a666=3D"dir22/file22" a667=3D"dir22/file23" a668= =3D"dir22/file24" a669=3D"dir22/file25" a670=3D"dir22/file26" a671=3D"dir22= /file27" a672=3D"dir22/file28" a673=3D"dir22/file29" a674=3D"dir22/file3" a= 675=3D"dir22/file30" a676=3D"dir22/file31" a677=3D"dir22/file32" a678=3D"di= r22/file33" a679=3D"dir22/file34" a680=3D"dir22/file35" a681=3D"dir22/file3= 6" a682=3D"dir22/file37" a683=3D"dir22/file38" a684=3D"dir22/file39" a685= =3D"dir22/file4" a686=3D"dir22/file40" a687=3D"dir22/file41" a688=3D"dir22/= file42" a689=3D"dir22/file43" a690=3D"dir22/file44" a691=3D"dir22/file45" a= 692=3D"dir22/file46" a693=3D"dir22/file47" a694=3D"dir22/file48" a695=3D"di= r22/file49" a696=3D"dir22/file5" a697=3D"dir22/file50" a698=3D"dir22/file6"= a699=3D"dir22/file7" a700=3D"dir22/file8" a701=3D"dir22/file9" a702=3D"dir= 23/file1" a703=3D"dir23/file10" a704=3D"dir23/file11" a705=3D"dir23/file12"= a706=3D"dir23/file13" a707=3D"dir23/file14" a708=3D"dir23/file15" a709=3D"= dir23/file16" a710=3D"dir23/file17" a711=3D"dir23/file18" a712=3D"dir23/fil= e19" a713=3D"dir23/file2" a714=3D"dir23/file20" a715=3D"dir23/file21" a716= =3D"dir23/file22" a717=3D"dir23/file23" a718=3D"dir23/file24" a719=3D"dir23= /file25" a720=3D"dir23/file26" a721=3D"dir23/file27" a722=3D"dir23/file28" = a723=3D"dir23/file29" a724=3D"dir23/file3" a725=3D"dir23/file30" a726=3D"di= r23/file31" a727=3D"dir23/file32" a728=3D"dir23/file33" a729=3D"dir23/file3= 4" a730=3D"dir23/file35" a731=3D"dir23/file36" a732=3D"dir23/file37" a733= =3D"dir23/file38" a734=3D"dir23/file39" a735=3D"dir23/file4" a736=3D"dir23/= file40" a737=3D"dir23/file41" a738=3D"dir23/file42" a739=3D"dir23/file43" a= 740=3D"dir23/file44" a741=3D"dir23/file45" a742=3D"dir23/file46" a743=3D"di= r23/file47" a744=3D"dir23/file48" a745=3D"dir23/file49" a746=3D"dir23/file5= " a747=3D"dir23/file50" a748=3D"dir23/file6" a749=3D"dir23/file7" a750=3D"d= ir23/file8" a751=3D"dir23/file9" a752=3D"dir24/file1" a753=3D"dir24/file10"= a754=3D"dir24/file11" a755=3D"dir24/file12" a756=3D"dir24/file13" a757=3D"= dir24/file14" a758=3D"dir24/file15" a759=3D"dir24/file16" a760=3D"dir24/fil= e17" a761=3D"dir24/file18" a762=3D"dir24/file19" a763=3D"dir24/file2" a764= =3D"dir24/file20" a765=3D"dir24/file21" a766=3D"dir24/file22" a767=3D"dir24= /file23" a768=3D"dir24/file24" a769=3D"dir24/file25" a770=3D"dir24/file26" = a771=3D"dir24/file27" a772=3D"dir24/file28" a773=3D"dir24/file29" a774=3D"d= ir24/file3" a775=3D"dir24/file30" a776=3D"dir24/file31" a777=3D"dir24/file3= 2" a778=3D"dir24/file33" a779=3D"dir24/file34" a780=3D"dir24/file35" a781= =3D"dir24/file36" a782=3D"dir24/file37" a783=3D"dir24/file38" a784=3D"dir24= /file39" a785=3D"dir24/file4" a786=3D"dir24/file40" a787=3D"dir24/file41" a= 788=3D"dir24/file42" a789=3D"dir24/file43" a790=3D"dir24/file44" a791=3D"di= r24/file45" a792=3D"dir24/file46" a793=3D"dir24/file47" a794=3D"dir24/file4= 8" a795=3D"dir24/file49" a796=3D"dir24/file5" a797=3D"dir24/file50" a798=3D= "dir24/file6" a799=3D"dir24/file7" a800=3D"dir24/file8" a801=3D"dir24/file9= " a802=3D"dir2/file1" a803=3D"dir2/file10" a804=3D"dir2/file11"=20 type=3DEXECVE msg=3Daudit(1191433516.461:3360): a805=3D"dir2/file12" a806= =3D"dir2/file13" a807=3D"dir2/file14" a808=3D"dir2/file15" a809=3D"dir2/fil= e16" a810=3D"dir2/file17" a811=3D"dir2/file18" a812=3D"dir2/file19" a813=3D= "dir2/file2" a814=3D"dir2/file20" a815=3D"dir2/file21" a816=3D"dir2/file22"= a817=3D"dir2/file23" a818=3D"dir2/file24" a819=3D"dir2/file25" a820=3D"dir= 2/file26" a821=3D"dir2/file27" a822=3D"dir2/file28" a823=3D"dir2/file29" a8= 24=3D"dir2/file3" a825=3D"dir2/file30" a826=3D"dir2/file31" a827=3D"dir2/fi= le32" a828=3D"dir2/file33" a829=3D"dir2/file34" a830=3D"dir2/file35" a831= =3D"dir2/file36" a832=3D"dir2/file37" a833=3D"dir2/file38" a834=3D"dir2/fil= e39" a835=3D"dir2/file4" a836=3D"dir2/file40" a837=3D"dir2/file41" a838=3D"= dir2/file42" a839=3D"dir2/file43" a840=3D"dir2/file44" a841=3D"dir2/file45"= a842=3D"dir2/file46" a843=3D"dir2/file47" a844=3D"dir2/file48" a845=3D"dir= 2/file49" a846=3D"dir2/file5" a847=3D"dir2/file50" a848=3D"dir2/file6" a849= =3D"dir2/file7" a850=3D"dir2/file8" a851=3D"dir2/file9" a852=3D"dir3/file1"= a853=3D"dir3/file10" a854=3D"dir3/file11" a855=3D"dir3/file12" a856=3D"dir= 3/file13" a857=3D"dir3/file14" a858=3D"dir3/file15" a859=3D"dir3/file16" a8= 60=3D"dir3/file17" a861=3D"dir3/file18" a862=3D"dir3/file19" a863=3D"dir3/f= ile2" a864=3D"dir3/file20" a865=3D"dir3/file21" a866=3D"dir3/file22" a867= =3D"dir3/file23" a868=3D"dir3/file24" a869=3D"dir3/file25" a870=3D"dir3/fil= e26" a871=3D"dir3/file27" a872=3D"dir3/file28" a873=3D"dir3/file29" a874=3D= "dir3/file3" a875=3D"dir3/file30" a876=3D"dir3/file31" a877=3D"dir3/file32"= a878=3D"dir3/file33" a879=3D"dir3/file34" a880=3D"dir3/file35" a881=3D"dir= 3/file36" a882=3D"dir3/file37" a883=3D"dir3/file38" a884=3D"dir3/file39" a8= 85=3D"dir3/file4" a886=3D"dir3/file40" a887=3D"dir3/file41" a888=3D"dir3/fi= le42" a889=3D"dir3/file43" a890=3D"dir3/file44" a891=3D"dir3/file45" a892= =3D"dir3/file46" a893=3D"dir3/file47" a894=3D"dir3/file48" a895=3D"dir3/fil= e49" a896=3D"dir3/file5" a897=3D"dir3/file50" a898=3D"dir3/file6" a899=3D"d= ir3/file7" a900=3D"dir3/file8" a901=3D"dir3/file9" a902=3D"dir4/file1" a903= =3D"dir4/file10" a904=3D"dir4/file11" a905=3D"dir4/file12" a906=3D"dir4/fil= e13" a907=3D"dir4/file14" a908=3D"dir4/file15" a909=3D"dir4/file16" a910=3D= "dir4/file17" a911=3D"dir4/file18" a912=3D"dir4/file19" a913=3D"dir4/file2"= a914=3D"dir4/file20" a915=3D"dir4/file21" a916=3D"dir4/file22" a917=3D"dir= 4/file23" a918=3D"dir4/file24" a919=3D"dir4/file25" a920=3D"dir4/file26" a9= 21=3D"dir4/file27" a922=3D"dir4/file28" a923=3D"dir4/file29" a924=3D"dir4/f= ile3" a925=3D"dir4/file30" a926=3D"dir4/file31" a927=3D"dir4/file32" a928= =3D"dir4/file33" a929=3D"dir4/file34" a930=3D"dir4/file35" a931=3D"dir4/fil= e36" a932=3D"dir4/file37" a933=3D"dir4/file38" a934=3D"dir4/file39" a935=3D= "dir4/file4" a936=3D"dir4/file40" a937=3D"dir4/file41" a938=3D"dir4/file42"= a939=3D"dir4/file43" a940=3D"dir4/file44" a941=3D"dir4/file45" a942=3D"dir= 4/file46" a943=3D"dir4/file47" a944=3D"dir4/file48" a945=3D"dir4/file49" a9= 46=3D"dir4/file5" a947=3D"dir4/file50" a948=3D"dir4/file6" a949=3D"dir4/fil= e7" a950=3D"dir4/file8" a951=3D"dir4/file9" a952=3D"dir5/file1" a953=3D"dir= 5/file10" a954=3D"dir5/file11" a955=3D"dir5/file12" a956=3D"dir5/file13" a9= 57=3D"dir5/file14" a958=3D"dir5/file15" a959=3D"dir5/file16" a960=3D"dir5/f= ile17" a961=3D"dir5/file18" a962=3D"dir5/file19" a963=3D"dir5/file2" a964= =3D"dir5/file20" a965=3D"dir5/file21" a966=3D"dir5/file22" a967=3D"dir5/fil= e23" a968=3D"dir5/file24" a969=3D"dir5/file25" a970=3D"dir5/file26" a971=3D= "dir5/file27" a972=3D"dir5/file28" a973=3D"dir5/file29" a974=3D"dir5/file3"= a975=3D"dir5/file30" a976=3D"dir5/file31" a977=3D"dir5/file32" a978=3D"dir= 5/file33" a979=3D"dir5/file34" a980=3D"dir5/file35" a981=3D"dir5/file36" a9= 82=3D"dir5/file37" a983=3D"dir5/file38" a984=3D"dir5/file39" a985=3D"dir5/f= ile4" a986=3D"dir5/file40" a987=3D"dir5/file41" a988=3D"dir5/file42" a989= =3D"dir5/file43" a990=3D"dir5/file44" a991=3D"dir5/file45" a992=3D"dir5/fil= e46" a993=3D"dir5/file47" a994=3D"dir5/file48" a995=3D"dir5/file49" a996=3D= "dir5/file5" a997=3D"dir5/file50" a998=3D"dir5/file6" a999=3D"dir5/file7" a= 1000=3D"dir5/file8" a1001=3D"dir5/file9" a1002=3D"dir6/file1" a1003=3D"dir6= /file10" a1004=3D"dir6/file11" a1005=3D"dir6/file12" a1006=3D"dir6/file13" = a1007=3D"dir6/file14" a1008=3D"dir6/file15" a1009=3D"dir6/file16" a1010=3D"= dir6/file17" a1011=3D"dir6/file18" a1012=3D"dir6/file19" a1013=3D"dir6/file= 2" a1014=3D"dir6/file20" a1015=3D"dir6/file21" a1016=3D"dir6/file22" a1017= =3D"dir6/file23" a1018=3D"dir6/file24" a1019=3D"dir6/file25" a1020=3D"dir6/= file26" a1021=3D"dir6/file27" a1022=3D"dir6/file28" a1023=3D"dir6/file29" a= 1024=3D"dir6/file3" a1025=3D"dir6/file30" a1026=3D"dir6/file31" a1027=3D"di= r6/file32" a1028=3D"dir6/file33" a1029=3D"dir6/file34" a1030=3D"dir6/file35= " a1031=3D"dir6/file36" a1032=3D"dir6/file37" a1033=3D"dir6/file38" a1034= =3D"dir6/file39" a1035=3D"dir6/file4" a1036=3D"dir6/file40" a1037=3D"dir6/f= ile41" a1038=3D"dir6/file42" a1039=3D"dir6/file43" a1040=3D"dir6/file44" a1= 041=3D"dir6/file45" a1042=3D"dir6/file46" a1043=3D"dir6/file47" a1044=3D"di= r6/file48" a1045=3D"dir6/file49" a1046=3D"dir6/file5" a1047=3D"dir6/file50"= a1048=3D"dir6/file6" a1049=3D"dir6/file7" a1050=3D"dir6/file8" a1051=3D"di= r6/file9" a1052=3D"dir7/file1" a1053=3D"dir7/file10" a1054=3D"dir7/file11" = a1055=3D"dir7/file12" a1056=3D"dir7/file13" a1057=3D"dir7/file14" a1058=3D"= dir7/file15" a1059=3D"dir7/file16" a1060=3D"dir7/file17" a1061=3D"dir7/file= 18" a1062=3D"dir7/file19" a1063=3D"dir7/file2" a1064=3D"dir7/file20" a1065= =3D"dir7/file21" a1066=3D"dir7/file22" a1067=3D"dir7/file23" a1068=3D"dir7/= file24" a1069=3D"dir7/file25" a1070=3D"dir7/file26" a1071=3D"dir7/file27" a= 1072=3D"dir7/file28" a1073=3D"dir7/file29" a1074=3D"dir7/file3" a1075=3D"di= r7/file30" a1076=3D"dir7/file31" a1077=3D"dir7/file32" a1078=3D"dir7/file33= " a1079=3D"dir7/file34" a1080=3D"dir7/file35" a1081=3D"dir7/file36" a1082= =3D"dir7/file37" a1083=3D"dir7/file38" a1084=3D"dir7/file39" a1085=3D"dir7/= file4" a1086=3D"dir7/file40" a1087=3D"dir7/file41" a1088=3D"dir7/file42" a1= 089=3D"dir7/file43" a1090=3D"dir7/file44" a1091=3D"dir7/file45" a1092=3D"di= r7/file46" a1093=3D"dir7/file47" a1094=3D"dir7/file48" a1095=3D"dir7/file49= " a1096=3D"dir7/file5" a1097=3D"dir7/file50" a1098=3D"dir7/file6" a1099=3D"= dir7/file7" a1100=3D"dir7/file8" a1101=3D"dir7/file9" a1102=3D"dir8/file1" = a1103=3D"dir8/file10" a1104=3D"dir8/file11" a1105=3D"dir8/file12" a1106=3D"= dir8/file13" a1107=3D"dir8/file14" a1108=3D"dir8/file15" a1109=3D"dir8/file= 16" a1110=3D"dir8/file17" a1111=3D"dir8/file18" a1112=3D"dir8/file19" a1113= =3D"dir8/file2" a1114=3D"dir8/file20" a1115=3D"dir8/file21" a1116=3D"dir8/f= ile22" a1117=3D"dir8/file23" a1118=3D"dir8/file24" a1119=3D"dir8/file25" a1= 120=3D"dir8/file26" a1121=3D"dir8/file27" a1122=3D"dir8/file28" a1123=3D"di= r8/file29" a1124=3D"dir8/file3" a1125=3D"dir8/file30" a1126=3D"dir8/file31"= a1127=3D"dir8/file32" a1128=3D"dir8/file33" a1129=3D"dir8/file34" a1130=3D= "dir8/file35" a1131=3D"dir8/file36" a1132=3D"dir8/file37" a1133=3D"dir8/fil= e38" a1134=3D"dir8/file39" a1135=3D"dir8/file4" a1136=3D"dir8/file40" a1137= =3D"dir8/file41" a1138=3D"dir8/file42" a1139=3D"dir8/file43" a1140=3D"dir8/= file44" a1141=3D"dir8/file45" a1142=3D"dir8/file46" a1143=3D"dir8/file47" a= 1144=3D"dir8/file48" a1145=3D"dir8/file49" a1146=3D"dir8/file5" a1147=3D"di= r8/file50" a1148=3D"dir8/file6" a1149=3D"dir8/file7" a1150=3D"dir8/file8" a= 1151=3D"dir8/file9" a1152=3D"dir9/file1" a1153=3D"dir9/file10" a1154=3D"dir= 9/file11" a1155=3D"dir9/file12" a1156=3D"dir9/file13" a1157=3D"dir9/file14"= a1158=3D"dir9/file15" a1159=3D"dir9/file16" a1160=3D"dir9/file17" a1161=3D= "dir9/file18" a1162=3D"dir9/file19" a1163=3D"dir9/file2" a1164=3D"dir9/file= 20" a1165=3D"dir9/file21" a1166=3D"dir9/file22" a1167=3D"dir9/file23" a1168= =3D"dir9/file24" a1169=3D"dir9/file25" a1170=3D"dir9/file26" a1171=3D"dir9/= file27" a1172=3D"dir9/file28" a1173=3D"dir9/file29" a1174=3D"dir9/file3" a1= 175=3D"dir9/file30" a1176=3D"dir9/file31" a1177=3D"dir9/file32" a1178=3D"di= r9/file33" a1179=3D"dir9/file34" a1180=3D"dir9/file35" a1181=3D"dir9/file36= " a1182=3D"dir9/file37" a1183=3D"dir9/file38" a1184=3D"dir9/file39" a1185= =3D"dir9/file4" a1186=3D"dir9/file40" a1187=3D"dir9/file41" a1188=3D"dir9/f= ile42" a1189=3D"dir9/file43" a1190=3D"dir9/file44" a1191=3D"dir9/file45" a1= 192=3D"dir9/file46" a1193=3D"dir9/file47" a1194=3D"dir9/file48" a1195=3D"di= r9/file49" a1196=3D"dir9/file5" a1197=3D"dir9/file50" a1198=3D"dir9/file6" = a1199=3D"dir9/file7" a1200=3D"dir9/file8" a1201=3D"dir9/file9"=20 type=3DCWD msg=3Daudit(1191433516.461:3360): cwd=3D"/tmp/files" type=3DPATH msg=3Daudit(1191433516.461:3360): item=3D0 name=3D"/bin/ls" ino= de=3D359898 dev=3Dfd:00 mode=3D0100755 ouid=3D0 ogid=3D0 rdev=3D00:00 obj= =3Dsystem_u:object_r:bin_t:s0 type=3DPATH msg=3Daudit(1191433516.461:3360): item=3D1 name=3D(null) inode= =3D1436230 dev=3Dfd:00 mode=3D0100755 ouid=3D0 ogid=3D0 rdev=3D00:00 obj=3D= system_u:object_r:ld_so_t:s0 --=-ojthau3WDEaqi40ZLcZM Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --=-ojthau3WDEaqi40ZLcZM--