System Administration Guide: Security Services

exec_args Token

The exec_args token records the arguments to an exec() system call. The exec_args token has two fixed fields:

The remainder of this token is composed of count strings. The praudit -x command shows the fields of the exec_args token:


<exec_args><arg>/usr/bin/sh</arg><arg>/usr/bin/hostname</arg></exec_args>

Note –

The exec_args token is output only when the argv audit policy option is active.