Skip to content

Instantly share code, notes, and snippets.

@aiwilliams

aiwilliams/auditd-login-trace.log

Created November 19, 2013 16:25
Show Gist options
  • Save aiwilliams/7548049 to your computer and use it in GitHub Desktop.
Save aiwilliams/7548049 to your computer and use it in GitHub Desktop.
Download ZIP
How cool is this tool?! auditd FTW.
Raw
auditd-login-trace.log
type=SYSCALL msg=audit(1384878019.652:5197): arch=c000003e syscall=2 success=yes exit=4 a0=7f04eed29dc0 a1=800 a2=1 a3=0 items=1 ppid=791 pid=7319 auid=4294967295 uid=0 gid=0 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" key="gemstuff"
type=CWD msg=audit(1384878019.652:5197): cwd="/"
type=PATH msg=audit(1384878019.652:5197): item=0 name="/home/vagrant/.ssh/authorized_keys" inode=2359308 dev=08:01 mode=0100600 ouid=1000 ogid=0 rdev=00:00
type=LOGIN msg=audit(1384878019.656:5198): login pid=7319 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=30
type=SYSCALL msg=audit(1384878019.672:5199): arch=c000003e syscall=2 success=yes exit=3 a0=116ab08 a1=0 a2=435e40 a3=0 items=1 ppid=7331 pid=7332 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=30 comm="bash" exe="/bin/bash" key="gemstuff"
type=CWD msg=audit(1384878019.672:5199): cwd="/home/vagrant"
type=PATH msg=audit(1384878019.672:5199): item=0 name="/home/vagrant/.profile" inode=2359300 dev=08:01 mode=0100644 ouid=1000 ogid=1000 rdev=00:00
type=SYSCALL msg=audit(1384878019.676:5200): arch=c000003e syscall=2 success=yes exit=3 a0=116b7c8 a1=0 a2=435e40 a3=0 items=1 ppid=7331 pid=7332 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=30 comm="bash" exe="/bin/bash" key="gemstuff"
type=CWD msg=audit(1384878019.676:5200): cwd="/home/vagrant"
type=PATH msg=audit(1384878019.676:5200): item=0 name="/home/vagrant/.bashrc" inode=2359301 dev=08:01 mode=0100644 ouid=1000 ogid=1000 rdev=00:00
type=SYSCALL msg=audit(1384878019.676:5201): arch=c000003e syscall=2 success=yes exit=3 a0=116d7c8 a1=0 a2=1b6 a3=ffffffffffffffce items=1 ppid=7331 pid=7332 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=30 comm="bash" exe="/bin/bash" key="gemstuff"
type=CWD msg=audit(1384878019.676:5201): cwd="/home/vagrant"
type=PATH msg=audit(1384878019.676:5201): item=0 name="/home/vagrant/.bash_history" inode=2359305 dev=08:01 mode=0100600 ouid=1000 ogid=1000 rdev=00:00
type=SYSCALL msg=audit(1384878019.684:5202): arch=c000003e syscall=2 success=yes exit=3 a0=116abc8 a1=0 a2=1b6 a3=ffffffffffffffce items=1 ppid=7331 pid=7332 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=30 comm="bash" exe="/bin/bash" key="gemstuff"
type=CWD msg=audit(1384878019.684:5202): cwd="/home/vagrant"
type=PATH msg=audit(1384878019.684:5202): item=0 name="/home/vagrant/.bash_history" inode=2359305 dev=08:01 mode=0100600 ouid=1000 ogid=1000 rdev=00:00
type=SYSCALL msg=audit(1384878019.684:5203): arch=c000003e syscall=2 success=yes exit=3 a0=116abc8 a1=0 a2=1b6 a3=ffffffffffffffce items=1 ppid=7331 pid=7332 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=30 comm="bash" exe="/bin/bash" key="gemstuff"
type=CWD msg=audit(1384878019.684:5203): cwd="/home/vagrant"
type=PATH msg=audit(1384878019.684:5203): item=0 name="/home/vagrant/.bash_history" inode=2359305 dev=08:01 mode=0100600 ouid=1000 ogid=1000 rdev=00:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment