I run the 4.11 kernels on F25. For the last couple of kernels I've compiled, they constantly write messages from auditd to the virtual consoles. Working away, and suddenly 10 lines of output appear and overwrite the console. The auditd libraries and binaries were also upgraded a couple times around the time that this started happening, so I'm not sure which of the two caused this, the kernel or auditd. I mention it here because the 4.11 kernel is a release kernel now, and will likely be coming to F25 at some point. If it does, you can try the below workaround. Add the following line to the end of /etc/audit/rules.d/audit.rules. -a never,exit -S all -F res=success This isn't a very good thing to do if you are running a server, because successful system calls can be useful for finding intrusions and problems. But I don't have any internet facing services, so I'm not really interested in these. I no longer have the messages appearing in the virtual consoles. Of course you can just comment out the -a task,never line, and there will be no rules, and thus no messages, because the -D erases them. Here's a link to some rules that seem practical for standalone computers. https://security.stackexchange.com/questions/4629/simple-example-auditd-configuration The last comment there is pertinent. I am not an expert, so take my advice with a grain of salt. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
