andrew.cagney at gmail.com
Wed Sep 11 01:11:17 UTC 2019
On Fri, 6 Sep 2019 at 17:41, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> On Fri, 6 Sep 2019 at 16:29, Paul Wouters <paul at nohats.ca> wrote:
>> Although then perhaps you should check pluto.log too ? But that would
>> likely give false positives too ?
> It's checking pluto.log (that wasn't changed). I don't think that will
> generate false positives.
> If we can figure out a way to create a DN containing crud, we might want
> to also check the log file for !isprint().
Tweaking things to check the sanitized output didn't help much.
Flipping things on their head, other than the audit tests/machines is there
any reason to be running audit?
> Sent from mobile device
>> On Sep 6, 2019, at 16:24, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>> On Thu, 5 Sep 2019 at 10:52, Paul Wouters <paul at nohats.ca> wrote:
>>> On Wed, 4 Sep 2019, Andrew Cagney wrote:
>>> > Look in nic.console.verbose.txt
>>> > type=SYSCALL msg=audit(1567646808.958:61): arch=c000003e syscall=165
>>> success=yes exit=0 a0=0 a1=55cef7279d60 a2=0 a3=1031 items=1 ppid=1 pid=486
>>> > 5 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
>>> Should it not only trigger for the console.txt's? instead of looking at
>>> the verbose console.txt's? If it did that, we could add a sanitizer to
>>> strip out: tty=(none)
>> I'll try this - nic's sanitized output already looks pretty empty.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Swan-dev