Kernel Audit Messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Marcin, that's actually a different problem having to do with (I 
believe) logging by a PAM module. This seems to be a feature of SELinux. 
  I solved the problem by turning on the auditd daemon which causes the 
messages to be sent to /var/log/audit/audit.log.

Kirk

Marcin Godlewski wrote:
> Kirk Bocek napisa?(a):
> 
>>Since updating to 4.2 my Opteron server has been flooded by messages like:
>>
>>audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM
>>session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?,
>>terminal=cron result=Success)'
>>
>>to both /var/log/messages and the kernel ring buffer. Looks like they
>>are being generated by cron jobs being run on the server.
>>
>>Does anyone know how to turn these messages off or to redirect them?
>>
> 
> I have exactly the same problem. I've solved this by change in
> syslog.conf to look like:
> *.info;mail.none;authpriv.none;cron.none;auth.!=info
> /var/log/messages
> and adding this line
>  auth.info                                               /var/log/cron.auth
> 
> It solved my problem byt its temporally, dont know what to do exactly to
>  stop it.
> 
> 


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux