Diffstat (limited to 'framework/src/audit/auparse/test/auparse_test.ref')
-rw-r--r--framework/src/audit/auparse/test/auparse_test.ref803
1 files changed, 803 insertions, 0 deletions
diff --git a/framework/src/audit/auparse/test/auparse_test.ref b/framework/src/audit/auparse/test/auparse_test.ref
new file mode 100644
index 00000000..6cc399bd
--- /dev/null
+++ b/framework/src/audit/auparse/test/auparse_test.ref
@@ -0,0 +1,803 @@
+Starting Test 1, iterate...
+auid=4294967295
+interp auid=unset
+auid=848
+interp auid=unknown(848)
+auid=848
+interp auid=unknown(848)
+auid=4294967295
+interp auid=unset
+auid=848
+interp auid=unknown(848)
+auid=848
+interp auid=unknown(848)
+auid=848
+interp auid=unknown(848)
+Test 1 Done
+
+Starting Test 2, walk events, records, and fields...
+event 1 has 1 records
+ record 1 of type 1006(LOGIN) has 5 fields
+ line=1 file=None
+ event time: 1143146623.787:142, host=?
+ type=LOGIN (LOGIN)
+ pid=2027 (2027)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ auid=848 (unknown(848))
+
+event 2 has 1 records
+ record 1 of type 1300(SYSCALL) has 24 fields
+ line=2 file=None
+ event time: 1143146623.875:143, host=?
+ type=SYSCALL (SYSCALL)
+ arch=c000003e (x86_64)
+ syscall=188 (setxattr)
+ success=yes (yes)
+ exit=0 (0)
+ a0=7fffffa9a9f0 (0x7fffffa9a9f0)
+ a1=3958d11333 (0x3958d11333)
+ a2=5131f0 (0x5131f0)
+ a3=20 (0x20)
+ items=1 (1)
+ pid=2027 (2027)
+ auid=848 (unknown(848))
+ uid=0 (root)
+ gid=0 (root)
+ euid=0 (root)
+ suid=0 (root)
+ fsuid=0 (root)
+ egid=0 (root)
+ sgid=0 (root)
+ fsgid=0 (root)
+ tty=tty3 (tty3)
+ comm="login" (login)
+ exe="/bin/login" (/bin/login)
+ subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255)
+
+event 3 has 1 records
+ record 1 of type 1112(USER_LOGIN) has 10 fields
+ line=3 file=None
+ event time: 1143146623.879:146, host=?
+ type=USER_LOGIN (USER_LOGIN)
+ pid=2027 (2027)
+ uid=0 (root)
+ auid=848 (unknown(848))
+ uid=848 (unknown(848))
+ exe="/bin/login" (/bin/login)
+ hostname=? (?)
+ addr=? (?)
+ terminal=tty3 (tty3)
+ res=success (success)
+
+Test 2 Done
+
+Starting Test 3, walk events, records of 1 buffer...
+event has 1 records
+ record 1 of type 1112(USER_LOGIN) has 10 fields
+ line=1 file=None
+ event time: 1143146623.879:146, host=?
+
+Test 3 Done
+
+Starting Test 4, walk events, records of 1 file...
+event 1 has 4 records
+ record 1 of type 1400(AVC) has 11 fields
+ line=1 file=./test.log
+ event time: 1170021493.977:293, host=?
+ type=AVC (AVC)
+ seresult=denied (denied)
+ seperms=read,write (read,write)
+ pid=13010 (13010)
+ comm="pickup" (pickup)
+ name="maildrop" (maildrop)
+ dev=hda7 (hda7)
+ ino=14911367 (14911367)
+ scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
+ tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
+ tclass=dir (dir)
+
+ record 2 of type 1300(SYSCALL) has 26 fields
+ line=2 file=./test.log
+ event time: 1170021493.977:293, host=?
+ type=SYSCALL (SYSCALL)
+ arch=c000003e (x86_64)
+ syscall=2 (open)
+ success=no (no)
+ exit=-13 (-13(Permission denied))
+ a0=5555665d91b0 (0x5555665d91b0)
+ a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)
+ a2=5555665d91b8 (0x5555665d91b8)
+ a3=0 (0x0)
+ items=1 (1)
+ ppid=2013 (2013)
+ pid=13010 (13010)
+ auid=4294967295 (unset)
+ uid=890 (unknown(890))
+ gid=890 (unknown(890))
+ euid=890 (unknown(890))
+ suid=890 (unknown(890))
+ fsuid=890 (unknown(890))
+ egid=890 (unknown(890))
+ sgid=890 (unknown(890))
+ fsgid=890 (unknown(890))
+ tty=(none) ((none))
+ comm="pickup" (pickup)
+ exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)
+ subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
+ key=(null) ((null))
+
+ record 3 of type 1307(CWD) has 2 fields
+ line=3 file=./test.log
+ event time: 1170021493.977:293, host=?
+ type=CWD (CWD)
+ cwd="/var/spool/postfix" (/var/spool/postfix)
+
+ record 4 of type 1302(PATH) has 10 fields
+ line=4 file=./test.log
+ event time: 1170021493.977:293, host=?
+ type=PATH (PATH)
+ item=0 (0)
+ name="maildrop" (maildrop)
+ inode=14911367 (14911367)
+ dev=03:07 (03:07)
+ mode=040730 (dir,730)
+ ouid=890 (unknown(890))
+ ogid=891 (unknown(891))
+ rdev=00:00 (00:00)
+ obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
+
+event 2 has 1 records
+ record 1 of type 1101(USER_ACCT) has 11 fields
+ line=5 file=./test.log
+ event time: 1170021601.340:294, host=?
+ type=USER_ACCT (USER_ACCT)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 3 has 1 records
+ record 1 of type 1103(CRED_ACQ) has 11 fields
+ line=6 file=./test.log
+ event time: 1170021601.342:295, host=?
+ type=CRED_ACQ (CRED_ACQ)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 4 has 1 records
+ record 1 of type 1006(LOGIN) has 5 fields
+ line=7 file=./test.log
+ event time: 1170021601.343:296, host=?
+ type=LOGIN (LOGIN)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ auid=0 (root)
+
+event 5 has 1 records
+ record 1 of type 1105(USER_START) has 11 fields
+ line=8 file=./test.log
+ event time: 1170021601.344:297, host=?
+ type=USER_START (USER_START)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 6 has 1 records
+ record 1 of type 1104(CRED_DISP) has 11 fields
+ line=9 file=./test.log
+ event time: 1170021601.364:298, host=?
+ type=CRED_DISP (CRED_DISP)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 7 has 1 records
+ record 1 of type 1106(USER_END) has 11 fields
+ line=10 file=./test.log
+ event time: 1170021601.366:299, host=?
+ type=USER_END (USER_END)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+Test 4 Done
+
+Starting Test 5, walk events, records of 2 files...
+event 1 has 4 records
+ record 1 of type 1400(AVC) has 11 fields
+ line=1 file=test.log
+ event time: 1170021493.977:293, host=?
+ type=AVC (AVC)
+ seresult=denied (denied)
+ seperms=read,write (read,write)
+ pid=13010 (13010)
+ comm="pickup" (pickup)
+ name="maildrop" (maildrop)
+ dev=hda7 (hda7)
+ ino=14911367 (14911367)
+ scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
+ tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
+ tclass=dir (dir)
+
+ record 2 of type 1300(SYSCALL) has 26 fields
+ line=2 file=test.log
+ event time: 1170021493.977:293, host=?
+ type=SYSCALL (SYSCALL)
+ arch=c000003e (x86_64)
+ syscall=2 (open)
+ success=no (no)
+ exit=-13 (-13(Permission denied))
+ a0=5555665d91b0 (0x5555665d91b0)
+ a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)
+ a2=5555665d91b8 (0x5555665d91b8)
+ a3=0 (0x0)
+ items=1 (1)
+ ppid=2013 (2013)
+ pid=13010 (13010)
+ auid=4294967295 (unset)
+ uid=890 (unknown(890))
+ gid=890 (unknown(890))
+ euid=890 (unknown(890))
+ suid=890 (unknown(890))
+ fsuid=890 (unknown(890))
+ egid=890 (unknown(890))
+ sgid=890 (unknown(890))
+ fsgid=890 (unknown(890))
+ tty=(none) ((none))
+ comm="pickup" (pickup)
+ exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)
+ subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
+ key=(null) ((null))
+
+ record 3 of type 1307(CWD) has 2 fields
+ line=3 file=test.log
+ event time: 1170021493.977:293, host=?
+ type=CWD (CWD)
+ cwd="/var/spool/postfix" (/var/spool/postfix)
+
+ record 4 of type 1302(PATH) has 10 fields
+ line=4 file=test.log
+ event time: 1170021493.977:293, host=?
+ type=PATH (PATH)
+ item=0 (0)
+ name="maildrop" (maildrop)
+ inode=14911367 (14911367)
+ dev=03:07 (03:07)
+ mode=040730 (dir,730)
+ ouid=890 (unknown(890))
+ ogid=891 (unknown(891))
+ rdev=00:00 (00:00)
+ obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
+
+event 2 has 1 records
+ record 1 of type 1101(USER_ACCT) has 11 fields
+ line=5 file=test.log
+ event time: 1170021601.340:294, host=?
+ type=USER_ACCT (USER_ACCT)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 3 has 1 records
+ record 1 of type 1103(CRED_ACQ) has 11 fields
+ line=6 file=test.log
+ event time: 1170021601.342:295, host=?
+ type=CRED_ACQ (CRED_ACQ)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 4 has 1 records
+ record 1 of type 1006(LOGIN) has 5 fields
+ line=7 file=test.log
+ event time: 1170021601.343:296, host=?
+ type=LOGIN (LOGIN)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ auid=0 (root)
+
+event 5 has 1 records
+ record 1 of type 1105(USER_START) has 11 fields
+ line=8 file=test.log
+ event time: 1170021601.344:297, host=?
+ type=USER_START (USER_START)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 6 has 1 records
+ record 1 of type 1104(CRED_DISP) has 11 fields
+ line=9 file=test.log
+ event time: 1170021601.364:298, host=?
+ type=CRED_DISP (CRED_DISP)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 7 has 1 records
+ record 1 of type 1106(USER_END) has 11 fields
+ line=10 file=test.log
+ event time: 1170021601.366:299, host=?
+ type=USER_END (USER_END)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 8 has 4 records
+ record 1 of type 1400(AVC) has 11 fields
+ line=1 file=test2.log
+ event time: 1170021493.977:293, host=?
+ type=AVC (AVC)
+ seresult=denied (denied)
+ seperms=read (read)
+ pid=13010 (13010)
+ comm="pickup" (pickup)
+ name="maildrop" (maildrop)
+ dev=hda7 (hda7)
+ ino=14911367 (14911367)
+ scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
+ tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
+ tclass=dir (dir)
+
+ record 2 of type 1300(SYSCALL) has 26 fields
+ line=2 file=test2.log
+ event time: 1170021493.977:293, host=?
+ type=SYSCALL (SYSCALL)
+ arch=c000003e (x86_64)
+ syscall=2 (open)
+ success=no (no)
+ exit=-13 (-13(Permission denied))
+ a0=5555665d91b0 (0x5555665d91b0)
+ a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)
+ a2=5555665d91b8 (0x5555665d91b8)
+ a3=0 (0x0)
+ items=1 (1)
+ ppid=2013 (2013)
+ pid=13010 (13010)
+ auid=4294967295 (unset)
+ uid=890 (unknown(890))
+ gid=890 (unknown(890))
+ euid=890 (unknown(890))
+ suid=890 (unknown(890))
+ fsuid=890 (unknown(890))
+ egid=890 (unknown(890))
+ sgid=890 (unknown(890))
+ fsgid=890 (unknown(890))
+ tty=(none) ((none))
+ comm="pickup" (pickup)
+ exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)
+ subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
+ key=(null) ((null))
+
+ record 3 of type 1307(CWD) has 2 fields
+ line=3 file=test2.log
+ event time: 1170021493.977:293, host=?
+ type=CWD (CWD)
+ cwd="/var/spool/postfix" (/var/spool/postfix)
+
+ record 4 of type 1302(PATH) has 10 fields
+ line=4 file=test2.log
+ event time: 1170021493.977:293, host=?
+ type=PATH (PATH)
+ item=0 (0)
+ name="maildrop" (maildrop)
+ inode=14911367 (14911367)
+ dev=03:07 (03:07)
+ mode=040730 (dir,730)
+ ouid=890 (unknown(890))
+ ogid=891 (unknown(891))
+ rdev=00:00 (00:00)
+ obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
+
+event 9 has 1 records
+ record 1 of type 1101(USER_ACCT) has 11 fields
+ line=5 file=test2.log
+ event time: 1170021601.340:294, host=?
+ type=USER_ACCT (USER_ACCT)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 10 has 1 records
+ record 1 of type 1103(CRED_ACQ) has 11 fields
+ line=6 file=test2.log
+ event time: 1170021601.342:295, host=?
+ type=CRED_ACQ (CRED_ACQ)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 11 has 1 records
+ record 1 of type 1006(LOGIN) has 5 fields
+ line=7 file=test2.log
+ event time: 1170021601.343:296, host=?
+ type=LOGIN (LOGIN)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ auid=0 (root)
+
+event 12 has 1 records
+ record 1 of type 1105(USER_START) has 11 fields
+ line=8 file=test2.log
+ event time: 1170021601.344:297, host=?
+ type=USER_START (USER_START)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 13 has 1 records
+ record 1 of type 1104(CRED_DISP) has 11 fields
+ line=9 file=test2.log
+ event time: 1170021601.364:298, host=?
+ type=CRED_DISP (CRED_DISP)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 14 has 1 records
+ record 1 of type 1106(USER_END) has 11 fields
+ line=10 file=test2.log
+ event time: 1170021601.366:299, host=?
+ type=USER_END (USER_END)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+Test 5 Done
+
+Starting Test 6, search...
+auid = 500 not found...which is correct
+auid exists...which is correct
+Testing BUFFER_ARRAY, stop on field
+Found auid = 848
+Testing BUFFER_ARRAY, stop on record
+Found type = SYSCALL
+Testing BUFFER_ARRAY, stop on event
+Found type = SYSCALL
+Testing test.log, stop on field
+Found auid = 4294967295
+Testing test.log, stop on record
+Found type = SYSCALL
+Testing test.log, stop on event
+Found type = AVC
+Test 6 Done
+
+Starting Test 7, compound search...
+Found type = USER_START
+Found auid = 0
+Test 7 Done
+
+Starting Test 8, regex search...
+Doing regex match...
+Found type = LOGIN
+Doing regex wildcard search...
+Found type = USER_LOGIN
+Test 8 Done
+
+Starting Test 9, buffer feed...
+event 1 has 1 records
+ record 1 of type 1006(LOGIN) has 5 fields
+ line=1 file=None
+ event time: 1143146623.787:142, host=?
+ type=LOGIN (LOGIN)
+ pid=2027 (2027)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ auid=848 (unknown(848))
+
+event 2 has 1 records
+ record 1 of type 1300(SYSCALL) has 24 fields
+ line=2 file=None
+ event time: 1143146623.875:143, host=?
+ type=SYSCALL (SYSCALL)
+ arch=c000003e (x86_64)
+ syscall=188 (setxattr)
+ success=yes (yes)
+ exit=0 (0)
+ a0=7fffffa9a9f0 (0x7fffffa9a9f0)
+ a1=3958d11333 (0x3958d11333)
+ a2=5131f0 (0x5131f0)
+ a3=20 (0x20)
+ items=1 (1)
+ pid=2027 (2027)
+ auid=848 (unknown(848))
+ uid=0 (root)
+ gid=0 (root)
+ euid=0 (root)
+ suid=0 (root)
+ fsuid=0 (root)
+ egid=0 (root)
+ sgid=0 (root)
+ fsgid=0 (root)
+ tty=tty3 (tty3)
+ comm="login" (login)
+ exe="/bin/login" (/bin/login)
+ subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255)
+
+event 3 has 1 records
+ record 1 of type 1112(USER_LOGIN) has 10 fields
+ line=3 file=None
+ event time: 1143146623.879:146, host=?
+ type=USER_LOGIN (USER_LOGIN)
+ pid=2027 (2027)
+ uid=0 (root)
+ auid=848 (unknown(848))
+ uid=848 (unknown(848))
+ exe="/bin/login" (/bin/login)
+ hostname=? (?)
+ addr=? (?)
+ terminal=tty3 (tty3)
+ res=success (success)
+
+Test 9 Done
+
+Starting Test 10, file feed...
+event 1 has 4 records
+ record 1 of type 1400(AVC) has 11 fields
+ line=1 file=None
+ event time: 1170021493.977:293, host=?
+ type=AVC (AVC)
+ seresult=denied (denied)
+ seperms=read,write (read,write)
+ pid=13010 (13010)
+ comm="pickup" (pickup)
+ name="maildrop" (maildrop)
+ dev=hda7 (hda7)
+ ino=14911367 (14911367)
+ scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
+ tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
+ tclass=dir (dir)
+
+ record 2 of type 1300(SYSCALL) has 26 fields
+ line=2 file=None
+ event time: 1170021493.977:293, host=?
+ type=SYSCALL (SYSCALL)
+ arch=c000003e (x86_64)
+ syscall=2 (open)
+ success=no (no)
+ exit=-13 (-13(Permission denied))
+ a0=5555665d91b0 (0x5555665d91b0)
+ a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)
+ a2=5555665d91b8 (0x5555665d91b8)
+ a3=0 (0x0)
+ items=1 (1)
+ ppid=2013 (2013)
+ pid=13010 (13010)
+ auid=4294967295 (unset)
+ uid=890 (unknown(890))
+ gid=890 (unknown(890))
+ euid=890 (unknown(890))
+ suid=890 (unknown(890))
+ fsuid=890 (unknown(890))
+ egid=890 (unknown(890))
+ sgid=890 (unknown(890))
+ fsgid=890 (unknown(890))
+ tty=(none) ((none))
+ comm="pickup" (pickup)
+ exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)
+ subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
+ key=(null) ((null))
+
+ record 3 of type 1307(CWD) has 2 fields
+ line=3 file=None
+ event time: 1170021493.977:293, host=?
+ type=CWD (CWD)
+ cwd="/var/spool/postfix" (/var/spool/postfix)
+
+ record 4 of type 1302(PATH) has 10 fields
+ line=4 file=None
+ event time: 1170021493.977:293, host=?
+ type=PATH (PATH)
+ item=0 (0)
+ name="maildrop" (maildrop)
+ inode=14911367 (14911367)
+ dev=03:07 (03:07)
+ mode=040730 (dir,730)
+ ouid=890 (unknown(890))
+ ogid=891 (unknown(891))
+ rdev=00:00 (00:00)
+ obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
+
+event 2 has 1 records
+ record 1 of type 1101(USER_ACCT) has 11 fields
+ line=5 file=None
+ event time: 1170021601.340:294, host=?
+ type=USER_ACCT (USER_ACCT)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 3 has 1 records
+ record 1 of type 1103(CRED_ACQ) has 11 fields
+ line=6 file=None
+ event time: 1170021601.342:295, host=?
+ type=CRED_ACQ (CRED_ACQ)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 4 has 1 records
+ record 1 of type 1006(LOGIN) has 5 fields
+ line=7 file=None
+ event time: 1170021601.343:296, host=?
+ type=LOGIN (LOGIN)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=4294967295 (unset)
+ auid=0 (root)
+
+event 5 has 1 records
+ record 1 of type 1105(USER_START) has 11 fields
+ line=8 file=None
+ event time: 1170021601.344:297, host=?
+ type=USER_START (USER_START)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 6 has 1 records
+ record 1 of type 1104(CRED_DISP) has 11 fields
+ line=9 file=None
+ event time: 1170021601.364:298, host=?
+ type=CRED_DISP (CRED_DISP)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+event 7 has 1 records
+ record 1 of type 1106(USER_END) has 11 fields
+ line=10 file=None
+ event time: 1170021601.366:299, host=?
+ type=USER_END (USER_END)
+ pid=13015 (13015)
+ uid=0 (root)
+ auid=0 (root)
+ subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
+ acct=root (root)
+ exe="/usr/sbin/crond" (/usr/sbin/crond)
+ hostname=? (?)
+ addr=? (?)
+ terminal=cron (cron)
+ res=success (success)
+
+Test 10 Done
+
+Finished non-admin tests
+
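Review bot: The expected field interpretations in this reference are tied to the host's user and group databases — the `unknown(848)`, `unknown(890)` and `unknown(891)` strings (auid=848 in Test 1, and the uid/gid 890 and ogid=891 fields of the SYSCALL and PATH records in Tests 4, 5 and 10) presumably come from failed passwd/group lookups, so on a build or CI host where those ids happen to be assigned the program would print a name instead and the byte comparison against this file would fail. Nothing in the commit records that assumption, and a `.ref` file cannot carry a comment itself. I would document it in the test driver that diffs its output against this file, e.g. `/* auparse_test.ref assumes uids 848/890 and gid 891 are unassigned on the host (interpreted as unknown(N)); do not run the comparison as a user/group in that range. */`. The `(root)` interpretation of uid 0 and the `unset` rendering of auid=4294967295 do not have this dependency.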