AUTRACE:(8) System Administration Utilities AUTRACE:(8)
NAME
autrace - a program similar to strace
SYNOPSIS
autrace program [-r] [program-args]...
DESCRIPTION
autrace is a program that adds the audit rules needed to trace a process, similar to strace. It then executes the program, passing the
arguments to it. The resulting audit information will be in the audit logs if the audit daemon is running, or in syslog otherwise. This
command deletes all audit rules prior to executing the target program and after executing it. As a safety precaution, it will not run
unless all rules are deleted with auditctl prior to use.
OPTIONS
-r Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space
in logs.
EXAMPLES
The following illustrates a typical session:
autrace /bin/ls /tmp
ausearch --start recent -p 2442 -i
and for resource usage mode:
autrace -r /bin/ls
ausearch --start recent -p 2450 --raw | aureport --file --summary
ausearch --start recent -p 2450 --raw | aureport --host --summary
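Because autrace will not start while rules are loaded and deletes all rules when it finishes, a wrapper can clear and reload them around the trace. The script below is an added example, not part of the original man page; the function names, the /etc/audit/audit.rules path, the "No rules" listing text and the closing "ausearch -i -p <pid>" line of autrace's output are assumptions.

```shell
#!/bin/sh
# Added example (not from the autrace man page).
# Assumptions: RULES_FILE path, function names, "No rules" as the empty
# listing printed by `auditctl -l`, and autrace ending its output with
# "... 'ausearch -i -p <pid>'".
RULES_FILE=${RULES_FILE:-/etc/audit/audit.rules}  # assumed persistent rules file

# Succeed when the `auditctl -l` listing on stdin holds no rules.
rules_empty() {
    ! grep -v -e '^No rules$' -e '^[[:space:]]*$' >/dev/null
}

# Print the PID that autrace reports in its output (read from stdin).
trace_pid() {
    sed -n 's/.*ausearch -i -p \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Usage: traced_run [-r] program [program-args]...
traced_run() {
    saved=$(mktemp) || return 1
    auditctl -l > "$saved" || return 1      # keep a copy of the live rules
    had_rules=0
    if ! rules_empty < "$saved"; then
        had_rules=1
        # autrace refuses to start while any rule is loaded.
        auditctl -D >/dev/null || return 1
    fi
    out=$(autrace "$@")
    printf '%s\n' "$out"
    # autrace removed every rule on exit; reload the persistent set so the
    # host is not left without auditing.
    if [ "$had_rules" -eq 1 ]; then
        auditctl -R "$RULES_FILE" >/dev/null ||
            echo "rule reload failed; previous listing kept in $saved" >&2
    fi
    pid=$(printf '%s\n' "$out" | trace_pid)
    [ -n "$pid" ] || return 1
    ausearch --start recent -p "$pid" -i
}

# Run only when called with arguments, e.g.: sh traced_run.sh -r /bin/ls
if [ "$#" -gt 0 ]; then traced_run "$@"; fi
```

Between `auditctl -D` and the reload the host carries only autrace's own rules, so the normal audit trail has a gap for that interval; rules that were loaded at runtime and are not in the rules file survive only in the saved listing.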
SEE ALSO
ausearch(8), auditctl(8).
AUTHOR
Steve Grubb
Red Hat Jan 2007 AUTRACE:(8)