From mboxrd@z Thu Jan  1 00:00:00 1970
From: Nikola Ciprich <extmaillist@linuxbox.cz>
Subject: Re: strange arguments in some EXEC audit events
Date: Mon, 2 Mar 2009 18:43:07 +0100
Message-ID: <20090302174307.GB31524@develbox.linuxbox.cz>
References: <20090302141744.GA31524@develbox.linuxbox.cz>
	<200903021015.43019.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <linux-audit-bounces@redhat.com>
Content-Disposition: inline
In-Reply-To: <200903021015.43019.sgrubb@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb <sgrubb@redhat.com>
Cc: nikola.ciprich@linuxbox.cz, linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Hi,
as Eric suggested, message was relly just encoded, thus
everything seems to work as expected.
Thank you both a lot!
nik

On Mon, Mar 02, 2009 at 10:15:42AM -0500, Steve Grubb wrote:
> On Monday 02 March 2009 09:17:44 am Nikola Ciprich wrote:
> > I'm not sure what
> > "66696C65202D4C202F7661722F6C6F672F61756469742F61756469742E6C6F6720323E2F64
> >65762F6E756C6C" argument might be, is it somehow encoded string? It seems to
> > remain unchanged across multiple events... Could somebody shed some light
> > on it for me?
> 
> You should be able to see the record's text by using ausearch with the -i 
> option. If ausearch is not displaying it correctly with that option, then you 
> have found a bug.
> 
> -Steve
> 

-- 
-------------------------------------
Nikola CIPRICH
LinuxBox.cz, s.r.o.
28. rijna 168, 709 01 Ostrava

tel.:   +420 596 603 142
fax:    +420 596 621 273
mobil:  +420 777 093 799
www.linuxbox.cz

mobil servis: +420 737 238 656
email servis: servis@linuxbox.cz
-------------------------------------