From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: [PATCH] execve argument logging
Date: Fri, 21 Apr 2006 09:20:10 -0400
Message-ID: <200604210920.10253.sgrubb@redhat.com>
References: <20060421113326.GA27648@devserv.devel.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <20060421113326.GA27648@devserv.devel.redhat.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Al,

Thanks for posting this.

Amy,

To give some background...we have this open bugzilla:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168285

It was agreed last summer that this would be useful for people. It has nothing 
to do with CAPP certification, so it was put on the back burner. No one had 
the time to complete it until now. What the patch does is collect the string 
arguments to execve and logs them as an auxiliary record. It was also put 
onto linux-audit mail list as a proposal, item #1 here:

https://www.redhat.com/archives/linux-audit/2005-September/msg00061.html

Hope this helps...

-Steve