From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthew Booth <mbooth@redhat.com>
Subject: Assorted questions
Date: Thu, 09 Aug 2007 15:34:06 +0100
Message-ID: <1186670046.6810.9.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0957098571=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from [192.168.1.4] (sebastian-int.corp.redhat.com [172.16.52.221])
	by pobox.fab.redhat.com (8.13.1/8.13.1) with ESMTP id l79Hi5jJ017953
	for <linux-audit@redhat.com>; Thu, 9 Aug 2007 13:44:06 -0400
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com


--===============0957098571==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="=-4aAhCJ9gMp1EnEBiONPf"


--=-4aAhCJ9gMp1EnEBiONPf
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Questions relate to RHEL4 (unless they don't).

What are the meanings of the following fields from the SYSCALL record:
* items
* fsuid
* fsgid

What are the meanings of the following fields from the PATH record:
* flags=20
* rdev

How can I programmatically translate an architecture into human, eg
40000003 =3D> 'i686'?

Is there a way of doing a syscall name lookup without having root?

In RHEL5, what's the equivalent of 'auditctl -t'?

Is there any master documentation I've missed? I'm only aware of the man
pages.

Thanks,

Matt
--=20
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490

--=-4aAhCJ9gMp1EnEBiONPf
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQBGuyXeNEHqGdM8NJARAqkrAJ9+DC8ODvBWHdMpg0/31z52k+Ro9wCfVuq8
Grffsdad4gsPc3M9ZrENFko=
=b9jN
-----END PGP SIGNATURE-----

--=-4aAhCJ9gMp1EnEBiONPf--


--===============0957098571==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============0957098571==--