LinuxQuestions.org
Old 01-31-2011, 08:32 AM   #1
mufy
** failed setting kernel audit objects


Across the internet the problem is a known issue - due to a syntax error in /etc/security/audit/objects. This is my object file on node 2 where 'audit start' fails:
prapb242[/etc/security/audit] # cat objects

/etc/security/environ:
w = "S_ENVIRON_WRITE"

/etc/security/group:
w = "S_GROUP_WRITE"

/etc/security/limits:
w = "S_LIMITS_WRITE"

/etc/security/login.cfg:
w = "S_LOGIN_WRITE"

/etc/security/passwd:
r = "S_PASSWD_READ"
w = "S_PASSWD_WRITE"

/etc/security/user:
w = "S_USER_WRITE"

/etc/security/audit/config:
w = "AUD_CONFIG_WR"

/etc/hosts.allow:
w = "S_ALLOW_WRITE"

/etc/hosts.deny:
w = "S_DENY_WRITE"

I have the same file on node 1 of a cluster. I'm able to start audit without any problem.

What am I missing?
 
Old 02-01-2011, 06:58 AM   #2
mufy
Based on feedback I received from other forums this is what I did -

This is what the diff produced -
Code:
prapb241[/etc/security/audit] # diff objects.prapb242 objects.prapb241 
24c24 
< /etc/hosts.allow: 
--- 
> /etc/hosts.allow : 
27c27 
< /etc/hosts.deny: 
--- 
> /etc/hosts.deny :
The only thing I could find is the difference in the 'space' before the ':' -
Code:
prapb241[/etc/security/audit] # grep /etc/hosts objects.prapb241 
/etc/hosts.allow : 
/etc/hosts.deny : 
prapb241[/etc/security/audit] # grep /etc/hosts objects.prapb242 
/etc/hosts.allow: 
/etc/hosts.deny: 
So I copied the object file from the working node 'prapb241' to 'prapb242' -
Code:
prapb241[/etc/security/audit] # scp objects.prapb241 prapb242_mgmt:$PWD 
objects.prapb241
Renamed the 'objects.prapb241' file on node 2 as -
Code:
prapb242[/etc/security/audit] # mv objects.prapb241 objects
Restarted the 'audit' service -
Code:
prapb242[/etc/security/audit] # audit shutdown 
auditing reset 
prapb242[/etc/security/audit] # audit start 
** failed setting kernel audit objects
Still fails.


As per another suggestion this is what I did -

Did a check for the existence/absence of 'hosts' files on both the nodes -
Code:
prapb241[/etc/security/audit] # cat objects | grep /etc | cut -f1 -d: | while read x; do ls -ltr $x; done
-rw-r----- 1 root security 60 May 07 2007 /etc/security/environ 
-rw-r----- 1 root security 673 Mar 30 2010 /etc/security/group 
-rw-r----- 1 root security 1879 Aug 03 2010 /etc/security/limits 
-rw-rw---- 1 root security 4969 Jul 13 2010 /etc/security/login.cfg 
-rw------- 1 root security 2616 Jan 23 13:39 /etc/security/passwd 
-rw-r----- 1 root security 15527 Jan 23 13:33 /etc/security/user 
-rw-r----- 1 root audit 3479 Jan 31 15:06 /etc/security/audit/config 
-rw-r--r-- 1 root system 662 Apr 28 2008 /etc/hosts.allow 
-rw-r--r-- 1 root system 126 Apr 28 2008 /etc/hosts.deny 

prapb242[/etc/security/audit] # cat objects | grep /etc | cut -f1 -d: | while read x; do ls -ltr $x; done
-rw-r----- 1 root security 60 May 07 2007 /etc/security/environ 
-rw-r----- 1 root security 673 Mar 30 2010 /etc/security/group 
-rw-r----- 1 root security 1861 Aug 03 2010 /etc/security/limits 
-rw-rw---- 1 root security 4976 Jul 13 2010 /etc/security/login.cfg 
-rw------- 1 root security 2928 Jan 25 11:21 /etc/security/passwd 
-rw-r----- 1 root security 15063 Jan 25 11:21 /etc/security/user 
-rw-r----- 1 root audit 3479 Jan 31 16:17 /etc/security/audit/config 
-rw-r--r-- 1 root system 662 Apr 28 2008 /etc/hosts.allow 
-rw-r--r-- 1 root system 126 Apr 28 2008 /etc/hosts.deny
Nothing missing there either!
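
A stricter form of the checks tried in this thread, as an added example that is not part of the original posts: a POSIX shell function that lints an objects file stanza by stanza and flags stray carriage returns, lines that are neither a stanza header nor `r|w|x = "EVENT"`, empty stanzas, duplicate access modes, and audited paths that do not exist. The function name `lint_audit_objects`, its optional `ROOT` argument and the accepted grammar (taken from the file shown above, including the whitespace before `:` that the working node's file has) are assumptions of this example, not the parser AIX uses.

```shell
#!/bin/sh
# Added example, not from the thread: lint an AIX audit "objects" file.
# Grammar assumed from the file shown in the thread:
#   /path/to/object:        (whitespace before ':' tolerated, as on node 1)
#       r|w|x = "EVENT_NAME"
# Usage: lint_audit_objects FILE [ROOT]
# ROOT is a hypothetical prefix for the existence check, so the function can
# be run against a scratch directory. Prints findings; returns 1 if any.
lint_audit_objects() {
    _file=$1 _root=${2:-} _rc=0
    # awk emits "E <line>: <finding>" for syntax problems and
    # "P <line> <path>" for every stanza header it accepts.
    _out=$(awk '
        /\r$/      { print "E " NR ": carriage return at end of line"; sub(/\r$/, "") }
        /^[ \t]*$/ { next }
        /^\/[^ \t:]*[ \t]*:[ \t]*$/ {
            if (stanza != "" && nattr == 0)
                print "E " hdr ": stanza " stanza " has no access modes"
            stanza = $0; sub(/[ \t]*:[ \t]*$/, "", stanza)
            hdr = NR; nattr = 0; split("", seen)
            print "P " NR " " stanza
            next
        }
        /^[ \t]*[rwx][ \t]*=[ \t]*"[A-Za-z0-9_]+"[ \t]*$/ {
            if (stanza == "") { print "E " NR ": access mode outside any stanza"; next }
            mode = $0; sub(/^[ \t]*/, "", mode); mode = substr(mode, 1, 1)
            if (seen[mode]++) print "E " NR ": duplicate \"" mode "\" in " stanza
            nattr++
            next
        }
        { print "E " NR ": unrecognized line: " $0 }
        END { if (stanza != "" && nattr == 0)
                  print "E " hdr ": stanza " stanza " has no access modes" }
    ' "$_file") || return 2
    # Turn awk records into findings and check that each audited path exists.
    while IFS=' ' read -r _kind _line _rest; do
        case $_kind in
            E) echo "line $_line $_rest"; _rc=1 ;;
            P) [ -e "$_root$_rest" ] ||
                   { echo "line $_line: audited object missing: $_rest"; _rc=1; } ;;
        esac
    done <<EOF
$_out
EOF
    return $_rc
}
```

On the nodes in the thread it would be called as `lint_audit_objects /etc/security/audit/objects`; no output and exit status 0 mean the file matches the assumed grammar and every listed object exists.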
 
  


All times are GMT -5. The time now is 05:18 AM.
