What does it mean by comm="FNDWRR.exe"
Hi all,
I got value like comm="FNDWRR.exe" in Linux audit log. I was wondering if someone explain me what does it mean? Thanks, Asif |
No, I do not think anyone can give you sufficient explanation, because you gave almost no information about what's happened.
a message like that in 16 letters means probably something happened somewhere https://access.redhat.com/documentat...Log_Files.html |
Here is complete line from log file for better understanding.
auid=1015 gid=520 euid=520 suid=520 fsuid=520 egid=520 sgid=520 fsgid=520 tty=(none) ses=56094 comm="FNDWRR.exe" subj=kernel key="DELETE" kernel |
and in what context is this Microsoft *.exe being called ?
without knowing the how , what, when, and why's there is really nothing we can help with |
I think it is part of oracle apps to generate a temporary file.
Audit software sometimes runs from a linux box but the target is a NT server and end-point clients. So you should check by the IDs. Are they oracle server IDs? In a linux box, it might have been used to create a temporary file (within oracle apps) but couldn't stop. So after confirming you could see whether the process is alive and if so kill it. OK |
All times are GMT -5. The time now is 09:21 AM. |