******************************************************************************
Audit Data - Starting date: Thu Aug 10 21:59:08 2000
******************************************************************************
Thu Aug 10 21:59:08 2000 -> UID: EUID: RUID: - From IP/machine: system booted + booting kernel + +
Thu Aug 10 22:01:21 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 login - local + successful login + + success
Thu Aug 10 22:01:21 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - write + /devices/pseudo/log@0:conslog + + success
Thu Aug 10 22:01:21 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /sbin/sh + cmdline:-sh + success
Thu Aug 10 22:01:21 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:01:21 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/grep + cmdline:/usr/bin/grep,-v,^#,/etc/yassp.conf + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/grep + cmdline:/usr/bin/grep,DEF_UMASK= + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/sed + cmdline:/usr/bin/sed,s/^.*DEF_UMASK=\([0-9]\{1,\}\).*$/\1/ + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/grep + cmdline:/usr/bin/grep,-v,^#,/etc/yassp.conf + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/grep + cmdline:/usr/bin/grep,SEC_UMASK= + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/sed + cmdline:/usr/bin/sed,s/^.*SEC_UMASK=\([0-9]\{1,\}\).*$/\1/ + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/lib/fs/ufs/quota + cmdline:/usr/sbin/quota + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/cat + cmdline:/bin/cat,-s,/etc/motd + success
Thu Aug 10 22:01:22 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/mail + cmdline:/bin/mail,-E + success
Thu Aug 10 22:01:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/csh + cmdline:csh + success
Thu Aug 10 22:01:27 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/pwd + cmdline:pwd,-ef + success
Thu Aug 10 22:01:29 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/ps + cmdline:ps,-ef + success
Thu Aug 10 22:01:29 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/sparcv7/ps + cmdline:ps,-ef + success
Thu Aug 10 22:01:50 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/tail + cmdline:tail,/etc/system + success
Thu Aug 10 22:11:18 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/pwd + cmdline:pwd + success
Thu Aug 10 22:11:20 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/ls + cmdline:ls,-l + success
Thu Aug 10 22:11:33 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/ls + cmdline:ls,-l + success
Thu Aug 10 22:11:52 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/ls + cmdline:ls,-l,audit + success
Thu Aug 10 22:11:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/ls + cmdline:ls,-l,audit/localhost + success
Thu Aug 10 22:12:06 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/ls + cmdline:ls,-l + success
Thu Aug 10 22:21:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/pwd + cmdline:pwd + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /secure/TOTAR/audit2info + cmdline:/bin/sh,./audit2info,audit-data.txt + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/dirname + cmdline:/usr/bin/sh,/usr/bin/dirname,./audit2info + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/expr + cmdline:/usr/bin/expr,./audit2info/,:,\(/\)/*[^/]*//*$,|,./audit2info/,:,\(.*[^/]\)//*[^/][^/]*//*$,|,. + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%Y%m%d-%H%M + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%Y%m%d + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%d-%m-%Y + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%H:%M + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/hostname + cmdline:/usr/bin/sh,/usr/bin/hostname + success
Thu Aug 10 22:21:24 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/uname + cmdline:/bin/uname,-n + success
Thu Aug 10 22:21:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:21:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/basename + cmdline:/usr/bin/sh,/usr/bin/basename,./audit2info + success
Thu Aug 10 22:21:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/expr + cmdline:/usr/bin/expr,/./audit2info,:,\(.*[^/]\)/*$,:,.*/\(..*\),:,\(.*\)$,|,/./audit2info,:,\(.*[^/]\)/*$,:,.*/\(..*\),|,/./audit2info,:,.*/\(..*\) + success
Thu Aug 10 22:21:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:21:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/expr + cmdline:expr,1,-,1 + success
Thu Aug 10 22:21:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/awk + cmdline:awk,-f,/HOME/AUDIT_UNIX/Scripts/auditawk.awk,-v,ARG_user=,-v,ARG_login=,FS=,,audit-data.txt + success
Thu Aug 10 22:27:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /opt/audit/audit2info + cmdline:/bin/sh,./audit2info,audit-data.txt + success
Thu Aug 10 22:27:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:27:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/dirname + cmdline:/usr/bin/sh,/usr/bin/dirname,./audit2info + success
Thu Aug 10 22:27:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/expr + cmdline:/usr/bin/expr,./audit2info/,:,\(/\)/*[^/]*//*$,|,./audit2info/,:,\(.*[^/]\)//*[^/][^/]*//*$,|,. + success
Thu Aug 10 22:27:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:27:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%Y%m%d-%H%M + success
Thu Aug 10 22:27:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:27:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%Y%m%d + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%d-%m-%Y + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%H:%M + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/hostname + cmdline:/usr/bin/sh,/usr/bin/hostname + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/uname + cmdline:/bin/uname,-n + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/basename + cmdline:/usr/bin/sh,/usr/bin/basename,./audit2info + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/expr + cmdline:/usr/bin/expr,/./audit2info,:,\(.*[^/]\)/*$,:,.*/\(..*\),:,\(.*\)$,|,/./audit2info,:,\(.*[^/]\)/*$,:,.*/\(..*\),|,/./audit2info,:,.*/\(..*\) + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/expr + cmdline:expr,1,-,1 + success
Thu Aug 10 22:27:38 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/awk + cmdline:awk,-f,/opt/audit/auditawk.awk,-v,ARG_user=,-v,ARG_login=,FS=,,audit-data.txt + success
Thu Aug 10 22:36:52 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /audit2info + + failure: No such file or directory
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /opt/audit/audit2info + cmdline:/bin/sh,./audit2info,-u,fman,audit-data.txt + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/dirname + cmdline:/usr/bin/sh,/usr/bin/dirname,./audit2info + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/expr + cmdline:/usr/bin/expr,./audit2info/,:,\(/\)/*[^/]*//*$,|,./audit2info/,:,\(.*[^/]\)//*[^/][^/]*//*$,|,. + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%Y%m%d-%H%M + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%Y%m%d + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%d-%m-%Y + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/date + cmdline:date,+%H:%M + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/hostname + cmdline:/usr/bin/sh,/usr/bin/hostname + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/uname + cmdline:/bin/uname,-n + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/basename + cmdline:/usr/bin/sh,/usr/bin/basename,./audit2info + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/expr + cmdline:/usr/bin/expr,/./audit2info,:,\(.*[^/]\)/*$,:,.*/\(..*\),:,\(.*\)$,|,/./audit2info,:,\(.*[^/]\)/*$,:,.*/\(..*\),|,/./audit2info,:,.*/\(..*\) + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/expr + cmdline:expr,3,-,1 + success
Thu Aug 10 22:36:56 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/awk + cmdline:awk,-f,/opt/audit/auditawk.awk,-v,ARG_user=fman,-v,ARG_login=,FS=,,audit-data.txt + success
Thu Aug 10 22:55:52 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/sbin/init + cmdline:init,0 + success
Thu Aug 10 22:55:52 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/sh + cmdline:sh,-c,/usr/sbin/audit -t + success
Thu Aug 10 22:55:52 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/sbin/audit + cmdline:/usr/sbin/audit,-t + success
Fri Aug 11 08:03:18 2000 -> UID: EUID: RUID: - From IP/machine: system booted + booting kernel + +
Fri Aug 11 08:04:15 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 login - local + successful login + + success
Fri Aug 11 08:04:15 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - write + /devices/pseudo/log@0:conslog + + success
Fri Aug 11 08:04:15 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /sbin/sh + cmdline:-sh + success
Fri Aug 11 08:04:15 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Fri Aug 11 08:04:15 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Fri Aug 11 08:04:15 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/grep + cmdline:/usr/bin/grep,-v,^#,/etc/yassp.conf + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/grep + cmdline:/usr/bin/grep,DEF_UMASK= + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/sed + cmdline:/usr/bin/sed,s/^.*DEF_UMASK=\([0-9]\{1,\}\).*$/\1/ + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/grep + cmdline:/usr/bin/grep,-v,^#,/etc/yassp.conf + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + /devices/pseudo/cn@0:console + + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/grep + cmdline:/usr/bin/grep,SEC_UMASK= + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 fcntl() + + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/sed + cmdline:/usr/bin/sed,s/^.*SEC_UMASK=\([0-9]\{1,\}\).*$/\1/ + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/lib/fs/ufs/quota + cmdline:/usr/sbin/quota + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/cat + cmdline:/bin/cat,-s,/etc/motd + success
Fri Aug 11 08:04:16 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/mail + cmdline:/bin/mail,-E + success
Fri Aug 11 08:07:28 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/csh + cmdline:csh + success
Fri Aug 11 08:07:36 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/vi + cmdline:vi,/etc/resolv.conf + success
Fri Aug 11 08:07:36 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /devices/pseudo/mm@0:zero + + success
Fri Aug 11 08:07:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /var/tmp/Ex0000000203 + + success
Fri Aug 11 08:07:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /var/tmp/Ex0000000203 + + success
Fri Aug 11 08:07:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 unlink() + /var/tmp/Ex0000000203 + + success
Fri Aug 11 08:07:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /var/tmp/Ex0000000203 + + success
Fri Aug 11 08:07:37 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /var/tmp/Ex0000000203 + + success
Fri Aug 11 08:07:40 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 unlink() + /var/tmp/Ex0000000203 + + success
Fri Aug 11 08:07:53 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/vi + cmdline:vi,/etc/resolv.conf + success
Fri Aug 11 08:07:53 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /devices/pseudo/mm@0:zero + + success
Fri Aug 11 08:07:53 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /var/tmp/Ex0000000204 + + success
Fri Aug 11 08:07:53 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /var/tmp/Ex0000000204 + + success
Fri Aug 11 08:07:53 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 unlink() + /var/tmp/Ex0000000204 + + success
Fri Aug 11 08:07:53 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /var/tmp/Ex0000000204 + + success
Fri Aug 11 08:07:53 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /var/tmp/Ex0000000204 + + success
Fri Aug 11 08:08:03 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /etc/resolv.conf + + success
Fri Aug 11 08:08:03 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 unlink() + /var/tmp/Ex0000000204 + + success
Fri Aug 11 08:09:12 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/vi + cmdline:vi + success
Fri Aug 11 08:09:12 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /devices/pseudo/mm@0:zero + + success
Fri Aug 11 08:09:13 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /var/tmp/Ex0000000205 + + success
Fri Aug 11 08:09:13 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /var/tmp/Ex0000000205 + + success
Fri Aug 11 08:09:15 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 unlink() + /var/tmp/Ex0000000205 + + success
Fri Aug 11 08:09:20 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/cat + cmdline:cat,/etc/nsswitch.conf + success
Fri Aug 11 08:09:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/vi + cmdline:vi,/etc/nsswitch.conf + success
Fri Aug 11 08:09:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /devices/pseudo/mm@0:zero + + success
Fri Aug 11 08:09:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /var/tmp/Ex0000000207 + + success
Fri Aug 11 08:09:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /var/tmp/Ex0000000207 + + success
Fri Aug 11 08:09:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 unlink() + /var/tmp/Ex0000000207 + + success
Fri Aug 11 08:09:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /var/tmp/Ex0000000207 + + success
Fri Aug 11 08:09:25 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /var/tmp/Ex0000000207 + + success
Fri Aug 11 08:10:30 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /etc/nsswitch.conf + + success
Fri Aug 11 08:10:30 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 unlink() + /var/tmp/Ex0000000207 + + success
Fri Aug 11 08:10:40 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 execve() + /usr/bin/vi + cmdline:vi,/etc/vfstab + success
Fri Aug 11 08:10:40 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /devices/pseudo/mm@0:zero + + success
Fri Aug 11 08:10:40 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /var/tmp/Ex0000000208 + + success
Fri Aug 11 08:10:40 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /var/tmp/Ex0000000208 + + success
Fri Aug 11 08:10:40 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 unlink() + /var/tmp/Ex0000000208 + + success
Fri Aug 11 08:10:40 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /var/tmp/Ex0000000208 + + success
Fri Aug 11 08:10:40 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 open() - read,write + /var/tmp/Ex0000000208 + + success
Fri Aug 11 08:12:14 2000 -> UID:root EUID:root RUID:root - From IP/machine:log1 creat() + /etc/vfstab + + success
******************************************************************************
Audit Data - Ending date: Fri Aug 11 08:12:14 2000
******************************************************************************