Focus on Sun
BSM Audit - system call argument May 15 2007 04:15PM
nvk (nvkanaskar ualr edu)


hello ....

If anybody knows about Sun's BSM audit
record format, please help me.

I am not able to understand how an audit
record for a system call can have a duplicate
token for the same system call argument.
For example -

header,182,2,ioctl(2),,Mon Jun 01 07:56:56 1998, + 788290611 msec
path,/devices/pseudo/cn@0:console
attribute,20620,2122,tty,8388608,11409,0
argument,2,0x7415,cmd
argument,3,0xeffff2b0,arg
argument,2,0x501cd434,strioctl:vnode
subject,2122,root,other,root,other,273,258,0 0 pascal.eyrie.af.mil
return,success,0
trailer,182

Above, token argument 2 is repeated.
I didn't find anything in the BSM guide on
Sun's site.

I would highly appreciate it if anybody
could throw any light on this.

Regards,
--
View this message in context: http://www.nabble.com/BSM-Audit---system-call-argument-tf3759563.html#a10626021
Sent from the Security - Sun mailing list archive at Nabble.com.
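
As an added example (not part of the original post): a short Python parser for the praudit-style text record quoted above. It checks that the header and trailer byte counts agree and groups `argument` tokens by argument number, so a repeated number is listed with the text label that distinguishes each occurrence. The function names are hypothetical, and the field layout (number, hex value, label) is read off the record in the post.

```python
from collections import defaultdict

# Record copied from the post above (praudit text output, one token per line).
RECORD = """\
header,182,2,ioctl(2),,Mon Jun 01 07:56:56 1998, + 788290611 msec
path,/devices/pseudo/cn@0:console
attribute,20620,2122,tty,8388608,11409,0
argument,2,0x7415,cmd
argument,3,0xeffff2b0,arg
argument,2,0x501cd434,strioctl:vnode
subject,2122,root,other,root,other,273,258,0 0 pascal.eyrie.af.mil
return,success,0
trailer,182
"""

def parse_record(text):
    """Split a text record into (token_name, [fields]) tuples, one per line."""
    tokens = []
    for line in text.splitlines():
        name, _, rest = line.strip().partition(",")
        if name:
            tokens.append((name, rest.split(",") if rest else []))
    return tokens

def check_framing(tokens):
    """True if the record is header...trailer and both carry the same byte count."""
    if len(tokens) < 2:
        return False
    (first, hf), (last, tf) = tokens[0], tokens[-1]
    return (first, last) == ("header", "trailer") and bool(hf) and hf[:1] == tf[:1]

def arguments_by_number(tokens):
    """Map argument number -> [(value, label), ...] in record order."""
    grouped = defaultdict(list)
    for name, fields in tokens:
        if name == "argument" and len(fields) >= 3:
            # Assumption: anything after the hex value is the free-text label.
            label = ",".join(fields[2:])
            grouped[int(fields[0])].append((int(fields[1], 16), label))
    return dict(grouped)

def repeated_arguments(tokens):
    """Only the argument numbers that occur in more than one token."""
    return {n: v for n, v in arguments_by_number(tokens).items() if len(v) > 1}

if __name__ == "__main__":
    toks = parse_record(RECORD)
    print("framing ok:", check_framing(toks))
    for num, entries in sorted(repeated_arguments(toks).items()):
        print(num, [(hex(v), label) for v, label in entries])
```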

Copyright 2010, SecurityFocus