On Sat, 2007-11-17 at 04:31 -0500, Gene Heskett wrote:
> Greetings;
>
> FC6 system, uptodate, kernel 2.6.24-rc3, but this has existed since I
> re-enabled selinux in permissive mode just to see what complained.
>
> The manpage says to use the -f option for foreground troubleshooting, so here
> goes:
>
> [root@coyote linux-2.6.24-rc3]# man auditd
> [root@coyote linux-2.6.24-rc3]# which auditd
> /sbin/auditd
> [root@coyote linux-2.6.24-rc3]# auditd -f
> Config file /etc/audit/auditd.conf opened for parsing
> log_file_parser called with: /var/log/audit/audit.log
> log_format_parser called with: RAW
> priority_boost_parser called with: 3
> flush_parser called with: INCREMENTAL
> freq_parser called with: 20
> num_logs_parser called with: 4
> dispatch_parser called with: /sbin/audispd
> qos_parser called with: lossy
> max_log_size_parser called with: 5
> max_log_size_action_parser called with: ROTATE
> space_left_parser called with: 75
> space_action_parser called with: SYSLOG
> action_mail_acct_parser called with: root
> admin_space_left_parser called with: 50
> admin_space_left_action_parser called with: SUSPEND
> disk_full_action_parser called with: SUSPEND
> disk_error_action_parser called with: SUSPEND
> Started dispatcher: /sbin/audispd pid: 7828
> type=DAEMON_START msg=audit(1195291550.719:1106) auditd start, ver=1.4.2,
> format=raw, auid=4294967295 pid=7824 res=success, auditd pid=7824
> config_manager init complete
> Error setting audit daemon pid (Connection refused)
> type=DAEMON_ABORT msg=audit(1195291550.720:1107) auditd error halt,
> auid=4294967295 pid=7824 res=failed, auditd pid=7824
> Unable to set audit pid, exiting
> The audit daemon is exiting.
> Error setting audit daemon pid (Connection refused)
> [root@coyote linux-2.6.24-rc3]#
>
> Connection refused sounds as if something else isn't running that should be,
> but no direct clue, so what else needs to run too, before auditd?

More of a question for linux-audit (cc'd).
Offhand, I'd guess that the ECONNREFUSED is coming from the netlink code, but I
don't know why. Running it under strace might be illuminating.

--
Stephen Smalley
National Security Agency
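One way to isolate the netlink step guessed at in the reply above, as an added example that is not part of the original thread or of the audit project's code. It assumes auditd registers its pid over a NETLINK_AUDIT socket, and it sends a read-only AUDIT_GET status query instead of a pid registration; `build_audit_get` and `probe_audit_netlink` are hypothetical helper names.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/audit.h>

/* Header-only AUDIT_GET request: a status query that changes no audit state. */
void build_audit_get(struct nlmsghdr *nlh, unsigned int seq) {
    memset(nlh, 0, sizeof(*nlh));
    nlh->nlmsg_len = NLMSG_LENGTH(0);
    nlh->nlmsg_type = AUDIT_GET;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    nlh->nlmsg_seq = seq;
}

/* Returns 0 if the kernel answered without error, else the errno of the first
 * failing step; *step names the last step attempted. */
int probe_audit_netlink(const char **step) {
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK }; /* nl_pid 0 = kernel */
    union { struct nlmsghdr hdr; char raw[4096]; } buf;
    struct nlmsghdr req;
    int err = 0, fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    struct pollfd p = { .fd = fd, .events = POLLIN };

    *step = "socket";
    if (fd < 0) return errno;
    build_audit_get(&req, 1);
    *step = "sendto";
    if (sendto(fd, &req, req.nlmsg_len, 0, (struct sockaddr *)&kernel, sizeof(kernel)) < 0) { err = errno; goto out; }
    *step = "reply";
    if (poll(&p, 1, 1000) <= 0) { err = ETIMEDOUT; goto out; } /* no answer (or poll failure) within 1 s */
    ssize_t n = recv(fd, &buf, sizeof(buf), 0);
    if (n < 0) err = errno;
    else if ((size_t)n >= NLMSG_LENGTH(sizeof(struct nlmsgerr)) && buf.hdr.nlmsg_type == NLMSG_ERROR)
        err = -((struct nlmsgerr *)NLMSG_DATA(&buf.hdr))->error; /* kernel reports -errno */
out:
    close(fd);
    return err;
}

int main(void) {
    const char *step;
    int err = probe_audit_netlink(&step);
    printf("audit netlink probe: %s (last step: %s)\n", err ? strerror(err) : "ok", step);
    return err != 0;
}
```

Run as root on the affected machine: the step name shows whether the error comes back from the socket call, from the send, or inside the kernel's reply, which is the same distinction an strace of auditd would show.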