Tom Laramee wrote:
Greetings:
i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end:
config_manager init complete
Error setting audit daemon pid (Connection refused)
type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
Unable to set audit pid, exiting
The audit daemon is exiting.
Error setting audit daemon pid (Connection refused)
the only thing i've learned from asking google is that it's a potential problem with the interaction between selinux & auditd, but i haven't found a solution.
two questions:
1. anyone know what the problem is? (that or my next step in diagnosing it)
Are you running selinux in enforcing or permissive mode? sestatus to
check - suggest you post
2. if i can't solve it, is there an alternative method for adding watchpoints to
directories such that i can be notified of WRITE events for files in that
directory (and preferably for all of it's subdirectories)?
Consider running aide and ossec - these can notify you of changes to
critical files and folders.
My kernel version is 2.6.18 (full info below).
The audit version is audit.x86_64 0:1.7.13-2.el5
thanks
--tom
Name : kernel
Arch : x86_64
Version : 2.6.18
Release : 164.6.1.el5
Size : 18 M
Repo : updates
Summary : The Linux kernel (the core of the Linux operating system)
URL : http://www.kernel.org/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
begin:vcard
fn:Rob Kampen
n:Kampen;Rob
email;internet:rob@xxxxxxxxxxxxxxxxx
tel;cell:407-341-3815
version:2.1
end:vcard
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
