Author gousaiyang
Recipients christian.heimes, gousaiyang, steve.dower
Date 2020-01-05.00:11:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
I have made PR 17824 to add auditing events for the command execution functions mentioned above.

After a review on other related Python modules, I think maybe the following functions can also be audited, but a discussion may be required to determine whether they are necessary (whether these actions are sensitive enough to record, and performance trade off). 

- os.getenv/putenv/unsetenv
- os.getcwd/chdir
- os.chown/chmod
- os.stat/access
- os.rename/renames/replace
- os.mkdir/mkdirs
- os.remove/removedirs/rmdir/unlink  (`shutil.rmtree` is already audited)
- os.add_dll_directory
- os.fork
- os.kill/killpg
- os.path.exists/isfile/isdir/...
- signal.pthread_kill
- shutil.copy*  (`shutil.copytree` is already audited)
- shutil.move
- shutil.chown
- shutil.unpack_archive  (`shutil.make_archive` is already audited)
- resource.prlimit
- file operations in `msvcrt`
- functions in `fcntl`, `syslog`
- many high level networking modules such as `http.client/server`, `socketserver`, `xmlrpc`  (the low-level `socket` calls are already audited)
Date User Action Args
2020-01-05 00:11:33gousaiyangsetrecipients: + gousaiyang, christian.heimes, steve.dower
2020-01-05 00:11:33gousaiyangsetmessageid: <>
2020-01-05 00:11:33gousaiyanglinkissue39184 messages
2020-01-05 00:11:32gousaiyangcreate