Environment
OS: Centos 7
Kernel: 3.10.0-1160.108.1.el7.x86_64
Audit: 2.8.5

Rules
$ sudo auditctl -l
-w /home/nid/audittest -p wa -k audittest

Operation
$ pwd
/home/nid/audittest
$ ls
kernel
$ ls kernel/
audit
$ ls kernel/audit/
testfile
$ rm -rf kernel

Audit Records
type=PROCTITLE msg=audit(07/03/2024 11:39:20.891:23602221) : proctitle=rm -rf kernel
type=PATH msg=audit(07/03/2024 11:39:20.891:23602221) : item=1 name=testfile inode=201714147 dev=fd:00 mode=file,664 ouid=nid ogid=nid rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(07/03/2024 11:39:20.891:23602221) : item=0 name=/home/nid/audittest inode=201714144 dev=fd:00 mode=dir,775 ouid=nid ogid=nid rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(07/03/2024 11:39:20.891:23602221) : cwd=/home/nid/audittest
type=SYSCALL msg=audit(07/03/2024 11:39:20.891:23602221) : arch=x86_64 syscall=unlinkat success=yes exit=0 a0=0x5 a1=0x15a46a8 a2=0x0 a3=0x7ffd31318a20 items=2 ppid=16898 pid=26549 auid=nid uid=nid gid=nid euid=nid suid=nid fsuid=nid egid=nid sgid=nid fsgid=nid tty=pts5 ses=10697 comm=rm exe=/usr/bin/rm subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=audittest

The same issue happens on this environment as well
OS: RHEL 9.3
Kernel: 5.14.0-362.13.1.el9_3.x86_64
Audit: 3.0.7