From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: watching files/directories with audit the contains turkish
	characters in file/directory name
Date: Thu, 8 Jun 2006 09:43:12 -0400
Message-ID: <200606080943.12980.sgrubb@redhat.com>
References: <20060606132954.62083.qmail@web31706.mail.mud.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <20060606132954.62083.qmail@web31706.mail.mud.yahoo.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Tuesday 06 June 2006 09:29, Evren Kalayciklioglu wrote:
> So, i am thinking to change the source if there is
> definite character codes. what i want to do that
> change the valid character code to unicode UTF-8 or
> add unicode UTF-8.

I'd be curious to see the patch when you have one.

> Is it possible?

I think its possible to update the code to do this. My personal setup is 
simply ASCII. That's all it has been tested for.

> If it is possible, which file is interested what i want to do in source
> code? 

First I'd see if you can insert a watch and list a watch so that it looks 
right.

When that is working, then check the audit logs with vi/emacs/less to see what 
kind of records you get. You may find the filenames are encoded. If so don't 
worry about it.

Next check the output of ausearch. Something like 'ausearch -m PATH' should be 
good enough. Correct that code to display the characters. Next try to find a 
file, 'ausearch -f some-name'. After that is working, try executable, 
'ausearch -x some-name'. Next get command names working, 'ausearch -c 
some-name'. If you allow host names in turkish try 'ausearch -h some-name'. 
You may also archive audit logs with turkish characters so you will want to 
try copying the audit logs to a file with turkish name and run 'ausearch -if 
some-name'.

Any changes from the above should be checked to see if they apply to aureport. 
Then I'd start working on that program.

As I said, I'd be interested in seeing the patches. 

-Steve