youtubebeat/vendor/github.com/elastic/beats/auditbeat/module/auditd/_meta/execve.json


{
"auditd": {
"data": {
"a0": "10812c8",
"a1": "1070208",
"a2": "1152008",
"a3": "59a",
"arch": "x86_64",
"argc": "2",
"exit": "0",
"syscall": "execve",
"tty": "pts0"
},
"paths": [
{
"dev": "08:01",
"inode": "155",
"item": "0",
"mode": "0100755",
"name": "/bin/uname",
"nametype": "NORMAL",
"ogid": "0",
"ouid": "0",
"rdev": "00:00"
},
{
"dev": "08:01",
"inode": "1923",
"item": "1",
"mode": "0100755",
"name": "/lib64/ld-linux-x86-64.so.2",
"nametype": "NORMAL",
"ogid": "0",
"ouid": "0",
"rdev": "00:00"
}
],
"result": "success",
"sequence": 8972,
"session": "11",
"summary": {
"actor": {
"primary": "ubuntu",
"secondary": "ubuntu"
},
"how": "/bin/uname",
"object": {
"primary": "/bin/uname",
"type": "file"
}
}
},
"event": {
"action": "executed",
"category": "audit-rule",
"module": "auditd",
"type": "syscall"
},
"file": {
"device": "00:00",
"gid": "0",
"group": "root",
"inode": "155",
"mode": "0755",
"owner": "root",
"path": "/bin/uname",
"uid": "0"
},
"process": {
"args": [
"uname",
"-a"
],
"cwd": "/home/andrew_kroh",
"exe": "/bin/uname",
"name": "uname",
"pid": "10043",
"ppid": "10027",
"title": "uname -a"
},
"tags": [
"user_commands"
],
"user": {
"auid": "1001",
"egid": "1002",
"euid": "1001",
"fsgid": "1002",
"fsuid": "1001",
"gid": "1002",
"name_map": {
"auid": "ubuntu",
"euid": "ubuntu",
"fsuid": "ubuntu",
"suid": "ubuntu",
"uid": "ubuntu"
},
"sgid": "1002",
"suid": "1001",
"uid": "1001"
}
}