ianrumford/blog_audit1.log

## blog_audit1.log
node=cdh4flumevm1 type=DAEMON_START msg=audit(1342114506.467:9723): auditd start, ver=1.7.18 format=raw kernel=3.2.0-26-generic auid=4294967295 pid=1054 subj=unconfined  res=success
node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.571:24): audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 res=1
node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.571:25): audit_failure=2 old=1 auid=4294967295 ses=4294967295 res=1
node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.579:105): audit_enabled=1 old=1 auid=4294967295 ses=4294967295 res=1
node=cdh4flumevm1 type=LOGIN msg=audit(1342114506.751:106): login pid=1104 uid=0 old auid=4294967295 new auid=104 old ses=4294967295 new ses=1
node=cdh4flumevm1 type=LOGIN msg=audit(1342114517.503:107): login pid=1447 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=2
node=cdh4flumevm1 type=SYSCALL msg=audit(1342114517.511:108): arch=c000003e syscall=87 success=no exit=-2 a0=e273d0 a1=0 a2=e22620 a3=7ffffcd967e0 items=1 ppid=1447 pid=1539 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="gnome-keyring-d" exe="/usr/bin/gnome-keyring-daemon" key="delete"
node=cdh4flumevm1 type=CWD msg=audit(1342114517.511:108):  cwd="/"
node=cdh4flumevm1 type=PATH msg=audit(1342114517.511:108): item=0 name="/tmp/keyring-GZxINJ/control" inode=1574066 dev=08:01 mode=040700 ouid=1000 ogid=1000 rdev=00:00
node=cdh4flumevm1 type=SYSCALL msg=audit(1342114517.547:109): arch=c000003e syscall=93 success=yes exit=0 a0=9 a1=3e8 a2=3e8 a3=7fff7d9907c0 items=1 ppid=987 pid=1447 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=2 comm="lightdm" exe="/usr/sbin/lightdm" key="perm_mod"
node=cdh4flumevm1 type=PATH msg=audit(1342114517.547:109): item=0 name=(null) inode=2228290 dev=08:01 mode=0100600 ouid=1000 ogid=1000 rdev=00:00
node=cdh4flumevm1 type=SYSCALL msg=audit(1342114517.547:110): arch=c000003e syscall=91 success=yes exit=0 a0=9 a1=8180 a2=3e8 a3=7fff7d9907c0 items=1 ppid=987 pid=1447 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=2 comm="lightdm" exe="/usr/sbin/lightdm" key="perm_mod"
	node=cdh4flumevm1 type=DAEMON_START msg=audit(1342114506.467:9723): auditd start, ver=1.7.18 format=raw kernel=3.2.0-26-generic auid=4294967295 pid=1054 subj=unconfined res=success
	node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.571:24): audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 res=1
	node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.571:25): audit_failure=2 old=1 auid=4294967295 ses=4294967295 res=1
	node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.579:105): audit_enabled=1 old=1 auid=4294967295 ses=4294967295 res=1
	node=cdh4flumevm1 type=LOGIN msg=audit(1342114506.751:106): login pid=1104 uid=0 old auid=4294967295 new auid=104 old ses=4294967295 new ses=1
	node=cdh4flumevm1 type=LOGIN msg=audit(1342114517.503:107): login pid=1447 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=2
	node=cdh4flumevm1 type=SYSCALL msg=audit(1342114517.511:108): arch=c000003e syscall=87 success=no exit=-2 a0=e273d0 a1=0 a2=e22620 a3=7ffffcd967e0 items=1 ppid=1447 pid=1539 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="gnome-keyring-d" exe="/usr/bin/gnome-keyring-daemon" key="delete"
	node=cdh4flumevm1 type=CWD msg=audit(1342114517.511:108): cwd="/"
	node=cdh4flumevm1 type=PATH msg=audit(1342114517.511:108): item=0 name="/tmp/keyring-GZxINJ/control" inode=1574066 dev=08:01 mode=040700 ouid=1000 ogid=1000 rdev=00:00
	node=cdh4flumevm1 type=SYSCALL msg=audit(1342114517.547:109): arch=c000003e syscall=93 success=yes exit=0 a0=9 a1=3e8 a2=3e8 a3=7fff7d9907c0 items=1 ppid=987 pid=1447 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=2 comm="lightdm" exe="/usr/sbin/lightdm" key="perm_mod"
	node=cdh4flumevm1 type=PATH msg=audit(1342114517.547:109): item=0 name=(null) inode=2228290 dev=08:01 mode=0100600 ouid=1000 ogid=1000 rdev=00:00
	node=cdh4flumevm1 type=SYSCALL msg=audit(1342114517.547:110): arch=c000003e syscall=91 success=yes exit=0 a0=9 a1=8180 a2=3e8 a3=7fff7d9907c0 items=1 ppid=987 pid=1447 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=2 comm="lightdm" exe="/usr/sbin/lightdm" key="perm_mod"