Hi,

On Mon, Sep 26, 2016 at 2:53 PM, Patrick O'Callaghan <pocallaghan@xxxxxxxxx> wrote:
> On Mon, 2016-09-26 at 14:46 -0400, Alex wrote:
>> Hi all,
>>
>> I recall seeing an rsyslog entry to prevent these messages from
>> filling my messages logs, but it no longer appears to work with f24.
>> Is there a more specific method to disable audit messages?
>>
>> Sep 26 14:40:56 alex kernel: audit: type=2404
>> audit(1474915256.442:724): pid=3297 uid=0 auid=4294967295
>> ses=4294967295 msg='op=destroy kind=server
>> fp=SHA256:c3:77:02:0b:2c:82:43:05:c5:50:ff:e6:99:f1:3f:1a:1d:6a:51:b7:a4:cb:45:55:37:66:95:46:51:9b:80:d2
>> direction=? spid=3297 suid=0 exe="/usr/sbin/sshd" hostname=?
>> addr=107.155.77.2 terminal=? res=success'
>>
>> I'm not using selinux, and have enabled rsyslog. They're just not helpful to me.
>
> Edit /etc/default/grub. Look for the line beginning GRUB_CMDLINE_LINUX.
> Add "audit=0" to the end of that line. Run:
>
> grub2-mkconfig --output /boot/grub2/grub.cfg
>
> Audit will be turned off when you reboot. To turn it off without
> rebooting, do:
>
> auditctl -e 0

Thanks very much, very helpful.

What is the reason this is enabled by default? Don't other people find it obnoxious and unhelpful? How does this information help the average sysadmin?
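Added example, not part of the original thread: a Python parser for the kernel audit record quoted above, showing which fields such a line carries (timestamp, process, executable, peer address, result). The function names are this example's own, and the sample line is the quoted record re-joined onto one line.

```python
import re
import shlex
from datetime import datetime, timezone

# The record quoted in the thread, re-joined from its wrapped lines.
SAMPLE = (
    "Sep 26 14:40:56 alex kernel: audit: type=2404 "
    "audit(1474915256.442:724): pid=3297 uid=0 auid=4294967295 "
    "ses=4294967295 msg='op=destroy kind=server "
    "fp=SHA256:c3:77:02:0b:2c:82:43:05:c5:50:ff:e6:99:f1:3f:1a:1d:6a:51:"
    "b7:a4:cb:45:55:37:66:95:46:51:9b:80:d2 "
    'direction=? spid=3297 suid=0 exe="/usr/sbin/sshd" hostname=? '
    "addr=107.155.77.2 terminal=? res=success'"
)
UNSET = 4294967295  # (uint32)-1: the kernel's "not set" value for auid/ses
RECORD = re.compile(r"audit: type=(\S+) audit\((\d+)\.(\d{3}):(\d+)\): (.*)$")


def _fields(text):
    """Split 'k=v k2="v 2"' text into a dict, honouring shell-style quotes."""
    out = {}
    for token in shlex.split(text):
        key, sep, value = token.partition("=")
        if sep:
            out[key] = value
    return out


def parse_audit_line(line):
    """Return the record as a dict, or None if the line is not a parsable audit record."""
    m = RECORD.search(line)
    if m is None:
        return None
    rtype, sec, msec, serial, body = m.groups()
    try:
        rec = _fields(body)
        # Userspace records nest a second key=value list inside msg='...'.
        rec["msg"] = _fields(rec.get("msg", ""))
    except ValueError:  # unbalanced quotes, e.g. a truncated syslog line
        return None
    for key in ("auid", "ses"):
        if rec.get(key) == str(UNSET):
            rec[key] = None  # no login session is associated with the process
    rec.update(type=rtype, serial=int(serial))
    rec["time"] = datetime.fromtimestamp(int(sec), tz=timezone.utc).replace(
        microsecond=int(msec) * 1000)
    return rec
```
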