Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # auditctl -l
- -a always,exit -S all -F euid=0 -F perm=x -F key=ROOT_ACTION
- type=SYSCALL msg=audit(1550318220.514:11479): arch=c000003e syscall=59 success=yes exit=0 a0=56002fde79a8 a1=56002fdeffc8 a2=56002fdee3a0 a3=0 items=2 ppid=7250 pid=7251 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 ses=1 comm="tail" exe="/usr/bin/tail" key="ROOT_ACTION"
- type=AVC msg=audit(1550309442.438:207): apparmor="DENIED" operation="exec" profile="/usr/lib/slack/slack" name="/bin/dash" pid=2893 comm="slack" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
- # cat /var/log/audit/*| egrep apparmor | wc -l
- 40574
Add Comment
Please, Sign In to add comment