From mboxrd@z Thu Jan 1 00:00:00 1970
From: Joshua Ammons
Subject: type=PROCTITLE events not being populated in /var/log/audit/audit.log
Date: Wed, 10 Jan 2018 22:41:03 +0000
To: "linux-audit@redhat.com"
List-Id: linux-audit@redhat.com

Hello,

I wanted to check if anyone was aware of a setting on RedHat box for enabling the PROCTITLE event type for audit logs? Is there any difference between RedHat and CentOS? I have one box running RedHat 7.3 and another running CentOS 7.3, with auditd enabled on both with the same rules. However, only the RedHat box is populating the event type PROCTITLE - the CentOS box does not.

I would like to get the PROCTITLE event type working on my CentOS box as well, if possible, but I cannot find any documentation online about anyone else having this issue and how to resolve.

Thanks for your time.

Joshua Ammons
Advanced SIEM Engineer, Cybersecurity
Global Business Services

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: type=PROCTITLE events not being populated in /var/log/audit/audit.log
Date: Wed, 10 Jan 2018 18:22:10 -0500
Message-ID: <12529563.ICzKhQbRlM@x2>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Hello,

On Wednesday, January 10, 2018 5:41:03 PM EST Joshua Ammons wrote:
> I wanted to check if anyone was aware of a setting on RedHat box for
> enabling the PROCTITLE event type for audit logs?

Nope.

> Is there any difference between RedHat and CentOS?

I have seen studies that show there are differences.

> I have one box running RedHat 7.3 and another running CentOS 7.3, with
> auditd enabled on both with the same rules. However, only the RedHat box is
> populating the event type PROCTITLE - the CentOS box does not.

You might move that box to CentOS 7.4. The proctitle records were a kernel enhancement shipped in RHEL 7.4.

-Steve

> I would like to get the PROCTITLE event type working on my CentOS box as
> well, if possible, but I cannot find any documentation online about anyone
> else having this issue and how to resolve.
>
> Thanks for your time.
>
> Joshua Ammons Advanced SIEM Engineer, Cybersecurity
> Global Business Services
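
Added example, not part of the original thread: one way to check from the log side whether a host emits PROCTITLE records at all. It groups audit.log records by event ID, lists SYSCALL events that have no PROCTITLE record, and decodes the hex-encoded `proctitle` field. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1515624063.101:201): arch=c000003e syscall=59 success=yes exit=0 pid=4100 comm="ls" exe="/usr/bin/ls" key="exec"
type=PROCTITLE msg=audit(1515624063.101:201): proctitle=6C73002D6C61
type=SYSCALL msg=audit(1515624070.440:202): arch=c000003e syscall=2 success=yes exit=3 pid=4101 comm="cat" exe="/usr/bin/cat" key="passwd"
type=PATH msg=audit(1515624070.440:202): item=0 name="/etc/passwd"
type=SYSCALL msg=audit(1515624071.002:203): arch=c000003e syscall=59 success=yes exit=0 pid=4102 comm="bash" exe="/usr/bin/bash" key="exec"
type=PROCTITLE msg=audit(1515624071.002:203): proctitle="bash"
"""

# type=<TYPE> msg=audit(<epoch>.<ms>:<serial>): <fields>; search() tolerates a node= prefix
RECORD = re.compile(r'type=(\S+) msg=audit\((\d+\.\d+:\d+)\):\s*(.*)$')
TITLE = re.compile(r'\bproctitle=(?:"([^"]*)"|([0-9A-Fa-f]+))')

def decode_proctitle(body):
    """Return the command line from a PROCTITLE record body, or None."""
    m = TITLE.search(body)
    if not m:
        return None
    if m.group(1) is not None:      # plain titles are logged quoted
        return m.group(1)
    try:                            # otherwise hex, argv separated by NUL
        raw = bytes.fromhex(m.group(2))
    except ValueError:              # odd-length or damaged hex: keep as logged
        return m.group(2)
    return raw.replace(b"\x00", b" ").decode("utf-8", "replace").strip()

def group_events(lines):
    """Map event ID -> {'types': [...], 'title': decoded proctitle or None}."""
    events = defaultdict(lambda: {"types": [], "title": None})
    for m in filter(None, map(RECORD.search, lines)):
        rtype, event_id, body = m.groups()
        events[event_id]["types"].append(rtype)
        if rtype == "PROCTITLE":
            events[event_id]["title"] = decode_proctitle(body)
    return dict(events)

def missing_proctitle(events):
    """Event IDs that have a SYSCALL record but no PROCTITLE record."""
    return sorted(eid for eid, ev in events.items()
                  if "SYSCALL" in ev["types"] and "PROCTITLE" not in ev["types"])

if __name__ == "__main__":
    events = group_events(SAMPLE_LOG.splitlines())
    print({eid: ev["title"] for eid, ev in events.items()})
    print("SYSCALL events without PROCTITLE:", missing_proctitle(events))
```

On a host whose kernel does not emit the record, every SYSCALL event ends up in the missing list, which separates a kernel gap from a rules or parsing problem in the SIEM pipeline.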