I am running auditd on a Debian 11 server with a very generic set of audit rules. The audit log is filled with entries like below. I'm not sure what they are - can anyone help identify these? I'm assuming it has something to do with root executing something since the ouid and ogit are 0. Is this correct?
type=Path msg=audit(1712839234.13338212): item=2 name="/lib/ld-linux-x86-64.so.2" inode=1573503 dev=fe:05 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fe=0 fver=0 frootid=0
Asked by user1309220
(15 rep)
Apr 11, 2024, 05:25 PM
Last activity: Apr 15, 2024, 10:18 PM
Last activity: Apr 15, 2024, 10:18 PM