From 19d701ddf07d855128ded0cf2b573ce468e3bdd6 Mon Sep 17 00:00:00 2001
From: Ashlee Young
Date: Wed, 20 Jan 2016 01:10:01 +0000
Subject: Removing Suricata and Audit from source repo, and updated build.sh to avoid building suricata. Will re-address this in C release via tar balls.
Change-Id: I3710076f8b7f3313cb3cb5260c4eb0a6834d4f6e
Signed-off-by: Ashlee Young
---
.../src/audit/auparse/test/auparse_test.ref.py | 793 ---------------------
1 file changed, 793 deletions(-)
delete mode 100644 framework/src/audit/auparse/test/auparse_test.ref.py
(limited to 'framework/src/audit/auparse/test/auparse_test.ref.py')
diff --git a/framework/src/audit/auparse/test/auparse_test.ref.py b/framework/src/audit/auparse/test/auparse_test.ref.py
deleted file mode 100644
index d25e0645..00000000
--- a/framework/src/audit/auparse/test/auparse_test.ref.py
+++ /dev/null
@@ -1,793 +0,0 @@ -Starting Test 1, iterate... -auid=4294967295 -interp auid=unset -auid=848 -interp auid=unknown(848) -auid=848 -interp auid=unknown(848) -Test 1 Done - -Starting Test 2, walk events, records, and fields... -event 1 has 1 records - record 1 of type 1006(LOGIN) has 5 fields - line=1 file=None - event time: 1143146623.787:142, host=(null) - type=LOGIN (LOGIN) - pid=2027 (2027) - uid=0 (root) - auid=4294967295 (unset) - auid=848 (unknown(848)) - -event 2 has 1 records - record 1 of type 1300(SYSCALL) has 24 fields - line=2 file=None - event time: 1143146623.875:143, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=188 (setxattr) - success=yes (yes) - exit=0 (0) - a0=7fffffa9a9f0 (0x7fffffa9a9f0) - a1=3958d11333 (0x3958d11333) - a2=5131f0 (0x5131f0) - a3=20 (0x20) - items=1 (1) - pid=2027 (2027) - auid=848 (unknown(848)) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=tty3 (tty3) - comm="login" (login) - exe="/bin/login" (/bin/login) - subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255) - -event 3 has 1 records - record 1 of type 1112(USER_LOGIN) has 10 fields - line=3 file=None - event time: 1143146623.879:146, host=(null) - type=USER_LOGIN (USER_LOGIN) - pid=2027 (2027) - uid=0 (root) - auid=848 (unknown(848)) - uid=848 (unknown(848)) - exe="/bin/login" (/bin/login) - hostname=? (?) - addr=? (?) - terminal=tty3 (tty3) - res=success (success) - -Test 2 Done - -Starting Test 3, walk events, records of 1 buffer... -event has 1 records - record 1 of type 1112(USER_LOGIN) has 10 fields - line=1 file=None - event time: 1143146623.879:146, host=(null) - -Test 3 Done - -Starting Test 4, walk events, records of 1 file... 
-event 1 has 4 records - record 1 of type 1400(AVC) has 11 fields - line=1 file=test.log - event time: 1170021493.977:293, host=(null) - type=AVC (AVC) - seresult=denied (denied) - seperms=read,write (read,write) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) - - record 2 of type 1300(SYSCALL) has 26 fields - line=2 file=test.log - event time: 1170021493.977:293, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (-13(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) - - record 3 of type 1307(CWD) has 2 fields - line=3 file=test.log - event time: 1170021493.977:293, host=(null) - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) - - record 4 of type 1302(PATH) has 10 fields - line=4 file=test.log - event time: 1170021493.977:293, host=(null) - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 
(system_u:object_r:postfix_spool_maildrop_t:s0) - -event 2 has 1 records - record 1 of type 1101(USER_ACCT) has 11 fields - line=5 file=test.log - event time: 1170021601.340:294, host=(null) - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 3 has 1 records - record 1 of type 1103(CRED_ACQ) has 11 fields - line=6 file=test.log - event time: 1170021601.342:295, host=(null) - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 4 has 1 records - record 1 of type 1006(LOGIN) has 5 fields - line=7 file=test.log - event time: 1170021601.343:296, host=(null) - type=LOGIN (LOGIN) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - auid=0 (root) - -event 5 has 1 records - record 1 of type 1105(USER_START) has 11 fields - line=8 file=test.log - event time: 1170021601.344:297, host=(null) - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) - -event 6 has 1 records - record 1 of type 1104(CRED_DISP) has 11 fields - line=9 file=test.log - event time: 1170021601.364:298, host=(null) - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 7 has 1 records - record 1 of type 1106(USER_END) has 11 fields - line=10 file=test.log - event time: 1170021601.366:299, host=(null) - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -Test 4 Done - -Starting Test 5, walk events, records of 2 files... 
-event 1 has 4 records - record 1 of type 1400(AVC) has 11 fields - line=1 file=test.log - event time: 1170021493.977:293, host=(null) - type=AVC (AVC) - seresult=denied (denied) - seperms=read,write (read,write) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) - - record 2 of type 1300(SYSCALL) has 26 fields - line=2 file=test.log - event time: 1170021493.977:293, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (-13(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) - - record 3 of type 1307(CWD) has 2 fields - line=3 file=test.log - event time: 1170021493.977:293, host=(null) - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) - - record 4 of type 1302(PATH) has 10 fields - line=4 file=test.log - event time: 1170021493.977:293, host=(null) - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 
(system_u:object_r:postfix_spool_maildrop_t:s0) - -event 2 has 1 records - record 1 of type 1101(USER_ACCT) has 11 fields - line=5 file=test.log - event time: 1170021601.340:294, host=(null) - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 3 has 1 records - record 1 of type 1103(CRED_ACQ) has 11 fields - line=6 file=test.log - event time: 1170021601.342:295, host=(null) - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 4 has 1 records - record 1 of type 1006(LOGIN) has 5 fields - line=7 file=test.log - event time: 1170021601.343:296, host=(null) - type=LOGIN (LOGIN) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - auid=0 (root) - -event 5 has 1 records - record 1 of type 1105(USER_START) has 11 fields - line=8 file=test.log - event time: 1170021601.344:297, host=(null) - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) - -event 6 has 1 records - record 1 of type 1104(CRED_DISP) has 11 fields - line=9 file=test.log - event time: 1170021601.364:298, host=(null) - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 7 has 1 records - record 1 of type 1106(USER_END) has 11 fields - line=10 file=test.log - event time: 1170021601.366:299, host=(null) - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 8 has 4 records - record 1 of type 1400(AVC) has 11 fields - line=1 file=test2.log - event time: 1170021493.977:293, host=(null) - type=AVC (AVC) - seresult=denied (denied) - seperms=read (read) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) - - record 2 of type 1300(SYSCALL) has 26 fields - line=2 file=test2.log - event time: 1170021493.977:293, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (-13(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 
(unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) - - record 3 of type 1307(CWD) has 2 fields - line=3 file=test2.log - event time: 1170021493.977:293, host=(null) - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) - - record 4 of type 1302(PATH) has 10 fields - line=4 file=test2.log - event time: 1170021493.977:293, host=(null) - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - -event 9 has 1 records - record 1 of type 1101(USER_ACCT) has 11 fields - line=5 file=test2.log - event time: 1170021601.340:294, host=(null) - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 10 has 1 records - record 1 of type 1103(CRED_ACQ) has 11 fields - line=6 file=test2.log - event time: 1170021601.342:295, host=(null) - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) - -event 11 has 1 records - record 1 of type 1006(LOGIN) has 5 fields - line=7 file=test2.log - event time: 1170021601.343:296, host=(null) - type=LOGIN (LOGIN) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - auid=0 (root) - -event 12 has 1 records - record 1 of type 1105(USER_START) has 11 fields - line=8 file=test2.log - event time: 1170021601.344:297, host=(null) - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 13 has 1 records - record 1 of type 1104(CRED_DISP) has 11 fields - line=9 file=test2.log - event time: 1170021601.364:298, host=(null) - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 14 has 1 records - record 1 of type 1106(USER_END) has 11 fields - line=10 file=test2.log - event time: 1170021601.366:299, host=(null) - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -Test 5 Done - -Starting Test 6, search... 
-auid = 500 not found...which is correct -auid exists...which is correct -Testing BUFFER_ARRAY, stop on field -Found auid = 848 -Testing BUFFER_ARRAY, stop on record -Found type = SYSCALL -Testing BUFFER_ARRAY, stop on event -Found type = SYSCALL -Testing test.log, stop on field -Found auid = 4294967295 -Testing test.log, stop on record -Found type = SYSCALL -Testing test.log, stop on event -Found type = AVC -Test 6 Done - -Starting Test 7, compound search... -Found type = USER_START -Found auid = 0 -Test 7 Done - -Starting Test 8, regex search... -Doing regex match... - -Test 8 Done - -Starting Test 9, buffer feed... -event 1 has 1 records - record 1 of type 1006(LOGIN) has 5 fields - line=1 file=None - event time: 1143146623.787:142, host=(null) - type=LOGIN (LOGIN) - pid=2027 (2027) - uid=0 (root) - auid=4294967295 (unset) - auid=848 (unknown(848)) - -event 2 has 1 records - record 1 of type 1300(SYSCALL) has 24 fields - line=2 file=None - event time: 1143146623.875:143, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=188 (setxattr) - success=yes (yes) - exit=0 (0) - a0=7fffffa9a9f0 (0x7fffffa9a9f0) - a1=3958d11333 (0x3958d11333) - a2=5131f0 (0x5131f0) - a3=20 (0x20) - items=1 (1) - pid=2027 (2027) - auid=848 (unknown(848)) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=tty3 (tty3) - comm="login" (login) - exe="/bin/login" (/bin/login) - subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255) - -event 3 has 1 records - record 1 of type 1112(USER_LOGIN) has 10 fields - line=3 file=None - event time: 1143146623.879:146, host=(null) - type=USER_LOGIN (USER_LOGIN) - pid=2027 (2027) - uid=0 (root) - auid=848 (unknown(848)) - uid=848 (unknown(848)) - exe="/bin/login" (/bin/login) - hostname=? (?) - addr=? (?) - terminal=tty3 (tty3) - res=success (success) - -Test 9 Done - -Starting Test 10, file feed... 
-event 1 has 4 records - record 1 of type 1400(AVC) has 11 fields - line=1 file=None - event time: 1170021493.977:293, host=(null) - type=AVC (AVC) - seresult=denied (denied) - seperms=read,write (read,write) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) - - record 2 of type 1300(SYSCALL) has 26 fields - line=2 file=None - event time: 1170021493.977:293, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (-13(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) - - record 3 of type 1307(CWD) has 2 fields - line=3 file=None - event time: 1170021493.977:293, host=(null) - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) - - record 4 of type 1302(PATH) has 10 fields - line=4 file=None - event time: 1170021493.977:293, host=(null) - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 
(system_u:object_r:postfix_spool_maildrop_t:s0) - -event 2 has 1 records - record 1 of type 1101(USER_ACCT) has 11 fields - line=5 file=None - event time: 1170021601.340:294, host=(null) - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 3 has 1 records - record 1 of type 1103(CRED_ACQ) has 11 fields - line=6 file=None - event time: 1170021601.342:295, host=(null) - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 4 has 1 records - record 1 of type 1006(LOGIN) has 5 fields - line=7 file=None - event time: 1170021601.343:296, host=(null) - type=LOGIN (LOGIN) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - auid=0 (root) - -event 5 has 1 records - record 1 of type 1105(USER_START) has 11 fields - line=8 file=None - event time: 1170021601.344:297, host=(null) - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) - -event 6 has 1 records - record 1 of type 1104(CRED_DISP) has 11 fields - line=9 file=None - event time: 1170021601.364:298, host=(null) - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -event 7 has 1 records - record 1 of type 1106(USER_END) has 11 fields - line=10 file=None - event time: 1170021601.366:299, host=(null) - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) - -Test 10 Done - -Finished non-admin tests - -- cgit 1.2.3-korg