rgbriggs
commented
5 months ago On 2024-03-19 22:43, naugustine98 wrote:
Environment
OS: Ubuntu 14.04 Kernel: 3.13.0-24-generic Audit: 2.3.2
Current kernel is 6.8. Current Audit is 4.+
This is extremely old. Please upgrade to something much more recent.
Operation
***@***.***:/tmp# pwd /tmp ***@***.***:/tmp# mv 读/dir2/ testdirAudit Records
type=SYSCALL msg=audit(1710909609.451:393278): arch=c000003e syscall=82 success=yes exit=0 a0=7fff3f56e8df a1=7fff3f56e8e9 a2=4179f0 a3=7fff3f56d290 items=5 ppid=1183 pid=2941 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=534 tty=pts1 comm="mv" exe="/bin/mv" key="test_rule" type=CWD msg=audit(1710909609.451:393278): cwd="/tmp" type=PATH msg=audit(1710909609.451:393278): item=0 name=E8AFBB2F inode=816783 dev=fc:00 mode=040777 ouid=0 ogid=0 rdev=00:00 nametype=PARENT type=PATH msg=audit(1710909609.451:393278): item=1 name="/tmp" inode=783363 dev=fc:00 mode=041777 ouid=0 ogid=0 rdev=00:00 nametype=PARENT type=PATH msg=audit(1710909609.451:393278): item=2 name=(null) inode=816783 dev=fc:00 mode=040777 ouid=0 ogid=0 rdev=00:00 nametype=PARENT type=PATH msg=audit(1710909609.451:393278): item=3 name=(null) inode=816798 dev=fc:00 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=DELETE type=PATH msg=audit(1710909609.451:393278): item=4 name="testdir" inode=816798 dev=fc:00 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=CREATEIssues in Behaviour
The directory with the special character name is repeated 2 times as a parent-- Reply to this email directly or view it on GitHub: https://github.com/linux-audit/audit-kernel/issues/158 You are receiving this because you are subscribed to this thread.
Message ID: @.***>
- RGB
-- Richard Guy Briggs @.***> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada Upstream IRC: SunRaycer Voice: +1.613.860 2354 SMS: +1.613.518.6570
Environment
Operation
Audit Records
Issues in Behaviour