Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

autrace(8) [v7 man page]

AUTRACE:(8)						  System Administration Utilities					       AUTRACE:(8)

NAME
autrace - a program similar to strace SYNOPSIS
autrace program [-r] [program-args]... DESCRIPTION
autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments to it. The resulting audit information will be in the audit logs if the audit daemon is running or syslog. This command deletes all audit rules prior to executing the target program and after executing it. As a safety precaution, it will not run unless all rules are deleted with auditctl prior to use. OPTIONS
-r Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space in logs. EXAMPLES
The following illustrates a typical session: autrace /bin/ls /tmp ausearch --start recent -p 2442 -i and for resource usage mode: autrace -r /bin/ls ausearch --start recent -p 2450 --raw | aureport --file --summary ausearch --start recent -p 2450 --raw | aureport --host --summary SEE ALSO
ausearch(8), auditctl(8). AUTHOR
Steve Grubb Red Hat Jan 2007 AUTRACE:(8)

Check Out this Related Man Page

AUTRACE:(8)						  System Administration Utilities					       AUTRACE:(8)

NAME
autrace - a program similar to strace SYNOPSIS
autrace program [-r] [program-args]... DESCRIPTION
autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments to it. The resulting audit information will be in the audit logs if the audit daemon is running or syslog. This command deletes all audit rules prior to executing the target program and after executing it. As a safety precaution, it will not run unless all rules are deleted with auditctl prior to use. OPTIONS
-r Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space in logs. EXAMPLES
The following illustrates a typical session: autrace /bin/ls /tmp ausearch --start recent -p 2442 -i and for resource usage mode: autrace -r /bin/ls ausearch --start recent -p 2450 --raw | aureport --file --summary ausearch --start recent -p 2450 --raw | aureport --host --summary SEE ALSO
ausearch(8), auditctl(8). AUTHOR
Steve Grubb Red Hat Jan 2007 AUTRACE:(8)
Man Page

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Getting the most recent file

Hi people, Please some help over here. I have logs in a directory, in which I need to get the most recent file in order to put it within other command. The format of the files are loadfiles20090308094339_41 loadfiles20090308094418_42 loadfiles20090308095457_43... (4 Replies)
Discussion started by: cgkmal
4 Replies

2. Shell Programming and Scripting

How can I start a SH application when someone makes a ssh connection?

Hello everyone, I'm trying to control the access in my server. I did an application that can read audit logs and sys logs with the purpose to send me a report by email with important information about the user. It's a SH file. My problem is start the program when someone makes a ssh connection.... (4 Replies)
Discussion started by: journey
4 Replies

3. Fedora

aureport issues

Over the last few weeks, I have had 3 different machines start showing only the date of 12/31/1969 19:00:00 for the aureport logs. Seeing it on Fedora 6 and RHEL 5.5. I saw a few others posting on this same issue, but no answers. I am a newbie to linux/unix, and have exhausted all of my internal... (0 Replies)
Discussion started by: dantil
0 Replies

4. What is on Your Mind?

Tell us about your most recent system incident

maybe we can start a thread to keep a record of administration changes made by yourself or other people but later blew into a huge incident affecting many users. I'll start first. Recently due to security requirements we decided to disallow ftp usage to all users on all our servers by updating... (2 Replies)
Discussion started by: sparcguy
2 Replies

5. Red Hat

Help needed 'Segv'

Red Hat Enterprise 4.5 (32 bit) In strace we see "unexpected reloc type 0x38" What does that code 0x38 mean? mprotect(0x59a000, 42229760, PROT_READ|PROT_WRITE) = 0 writev(2, unexpected reloc type 0x38", 26}, {"", 0}, {"", 0}, {"\n", 1}], 1 0) = 113 exit_group(127) ... (6 Replies)
Discussion started by: Sunusernewbie
6 Replies

6. Programming

Wrapper for unix program - urgent help needed

Hello all , i need some help asap i have a program that keeps killing the machine when i did google searches and 2 days later i ran strace it seems the programm keeps making a system call to gettimeofday to i guess increment a counter ? gettimeofday({1347986584, 464904}, NULL) = 0... (6 Replies)
Discussion started by: NetworkLearning
6 Replies

7. AIX

Why /bin/su permission with SUID?

Dear all experts in this forum, I have faced a audit issue as auditor told that we should not have SUID on /bin/su. As I have checked using Google, I found most of the site only telling that /bin/su should have the permission bit as -rwsr-xr-x but never explain why /bin/su need this permission... (4 Replies)
Discussion started by: kwliew999
4 Replies