SELinux log entry - what does it mean?

Support for security such as Firewalls and securing linux
taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

SELinux log entry - what does it mean?

Post by taylorkh » 2012/07/09 16:46:15

The top Google recommendation for "SELinux how..." appears to be DISABLE. Rather sad. But I am not giving up. I have SELinux running on my CentOS 6.2 desktop. I have configured it to allow Samba (just for providing access from an occasional Windows VM running under VMWare on the same hardware). So far I have not had any real issues with SELinux and I am working my way through some on-line tutorials to try and get a handle on its capabilities. That said, I decided to have a look at the log file /var/log/audit/audit.log

After paging through a LOT of success entries I decided to filter out the failures as they would seem to be of more importance. The most common entry among the 82 entries looks like this:

[quote]
type=USER_AUTH msg=audit(1341075245.068:150): user pid=7872 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="ken" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=failed'
[/quote]

Let me state up front that I do have my user set up for sudo as TrueCrypt seems to require it. I do most root work by using su. However, of the 82 logged failures I find that 48 have to do with sudo. I know I have not mistyped my password that many times. I probably have not done 48 sudos.

Can someone help me to understand [b]when[/b] these transgressions occurred and perhaps what they were?

TIA,

Ken

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SELinux log entry - what does it mean?

Post by TrevorH » 2012/07/09 18:23:58

When?

[code]
$ echo 1341075245 | gawk '{print strftime("%c", $0)}'
Sat 30 Jun 2012 17:54:05 BST
[/code]

taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

Re: SELinux log entry - what does it mean?

Post by taylorkh » 2012/07/09 19:37:45

Thanks TrevorH,

I suspected that it was a Mayan calendar representation.

Ken

vonskippy
Posts: 839
Joined: 2006/12/30 03:00:04
Location: Western Slope Colorado

SELinux log entry - what does it mean?

Post by vonskippy » 2012/07/10 01:29:58

Another way to convert epoch time is:

[code]
[root@vmCentOS ~]# date -d @1341075245
Sat Jun 30 10:54:05 MDT 2012
[/code]
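
The following Python parser is an added example, not code from any poster in this thread: it pulls the failed USER_AUTH records out of audit.log lines, converts the epoch in msg=audit(...) to UTC as the replies above do by hand, and counts failures per exe. The first sample line is the record quoted in the first post; the other sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Every audit record starts: type=<TYPE> msg=audit(<epoch>.<ms>:<serial>):
HEADER = re.compile(r'type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):')
# key=value pairs; a value is a double-quoted string or a bare token
FIELD = re.compile(r'(\w+)=("[^"]*"|[^\s\']+)')

SUBJ = "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
# Line 1 is the record from the first post; lines 2-4 are constructed.
SAMPLE = f"""\
type=USER_AUTH msg=audit(1341075245.068:150): user pid=7872 uid=0 auid=1000 ses=1 subj={SUBJ} msg='op=PAM:authentication acct="ken" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=failed'
type=USER_AUTH msg=audit(1341075251.412:151): user pid=7872 uid=0 auid=1000 ses=1 subj={SUBJ} msg='op=PAM:authentication acct="ken" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
type=USER_AUTH msg=audit(1341161700.250:212): user pid=8120 uid=1000 auid=1000 ses=1 subj={SUBJ} msg='op=PAM:authentication acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=failed'
this line is not an audit record
"""

def parse_audit_line(line):
    """Return a dict for one audit.log record, or None if the line is not one."""
    line = line.strip()
    m = HEADER.match(line)
    if not m:
        return None
    epoch = int(m.group(2))
    rec = {
        "type": m.group(1),
        "epoch": epoch,
        "serial": int(m.group(4)),  # event id, unique alongside the timestamp
        "when_utc": datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat(),
    }
    # The nested msg='...' payload is picked up by the same key=value scan.
    for key, value in FIELD.findall(line[m.end():]):
        rec[key] = value.strip('"')
    return rec

def failed_auth(lines):
    """Return (records, Counter keyed by exe) for USER_AUTH records with res=failed."""
    parsed = (parse_audit_line(l) for l in lines)
    recs = [r for r in parsed
            if r and r["type"] == "USER_AUTH" and r.get("res") == "failed"]
    return recs, Counter(r.get("exe", "?") for r in recs)

if __name__ == "__main__":
    records, per_exe = failed_auth(SAMPLE.splitlines())
    for r in records:
        print(r["when_utc"], r["serial"], r.get("acct"), r.get("exe"))
    print(dict(per_exe))
```

To run it against a real log, pass an open file object for /var/log/audit/audit.log to failed_auth() as root. On a live system, `ausearch -m USER_AUTH -sv no -i` reports the same records with the timestamps already interpreted.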
