Re: aduitd failing to start

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>   Thank you for the reply. Current version is audit-1.5.5-7.el5.

OK, I thought you were running something newer from 5.2 beta. This uses the old event dispatcher which doesn't do anything fancy. Maybe you would want to try disabling the dispatcher and see if you are still having a problem. Add a # at the beginning of the line for dispatcher= in /etc/audit/auditd.conf. This will affect setroubleshoot, though.

But I got to admit that I haven't seen this kind of behavior before for the older software. Do you have auditd.conf setup to send email alerts? Also, avcs don't tell you the whole story alone. You may need to temporarily add a simple rule like, "-w /etc/shadow -p  w", to /etc/audit/audit.rules to trigger more detailed information. This sounds like a program that is being run from auditd doesn't have an auto transition and therefore appears as if it were auditd_t.

> Man pages for auditd.conf do not show name_format option. Anyway I tried
> both options name_format = none and name_format = hostname and still
> auditd fails to startup.

Yeah, that's for the newer 5.2 version.

-Steve




      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux