LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-22-2009, 04:47 AM   #1
prashant.saraf
Member
 
Registered: Mar 2009
Location: Hartford US
Distribution: Ubuntu and Fedora
Posts: 39

Rep: Reputation: 0
auditd Problem, need to boot system wiht Level 1


Hi,
I am using fedora 10, and the auditd failed to start, so i am unable to login, for that i want to login with level 1, can some one tell me how to do it? or is there any solution to get in the system?
 
Old 03-22-2009, 05:58 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
On bootup in GRUB add (w/o outer quotes) "enforcing=0 1" as last argument to your kernels boot arguments. The "enforcing=0" disables SE Linux until rebooted and " 1" signals the machine to enter single user runlevel 1. Check the systems logs why Auditd does not want to start and please post exact error messages if any.
 
Old 03-22-2009, 07:10 AM   #3
prashant.saraf
Member
 
Registered: Mar 2009
Location: Hartford US
Distribution: Ubuntu and Fedora
Posts: 39

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn View Post
On bootup in GRUB add (w/o outer quotes) "enforcing=0 1" as last argument to your kernels boot arguments. The "enforcing=0" disables SE Linux until rebooted and " 1" signals the machine to enter single user runlevel 1. Check the systems logs why Auditd does not want to start and please post exact error messages if any.
Thanks, I am able to login using enforcing=0 1. and I have changed the owner and the rights of audit.log but sill same issue.

I remembed what I did so this problme is coming. I logged in with root through gnome. in that i select the properties of '/' i.e file system, and given permission to every one even for all subdirecotry of '/'
 
Old 03-22-2009, 08:02 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
Quote:
Originally Posted by prashant.saraf View Post
I remembed what I did so this problme is coming. I logged in with root through gnome. in that i select the properties of '/' i.e file system, and given permission to every one even for all subdirecotry of '/'
There's a few fatal flaws there. First of all you should not (need to) log in as root, root does not need any X sessions and changing permissions to alleviate problems certainly is the wrong way to do things (which you already found out the hard way yourself). Please familiarise yourself with operating a GNU/Linux system using the documents that came with your installation, the documents on the CentOS site and those on the site of Red Hat.

To get things back in order you could try 'rpm --setperms filesystem' to restore topdir perms then 'rpm -qa 2>/dev/null|xargs rpm --setperms' to do the same for all other installed packages.
 
Old 03-22-2009, 09:14 AM   #5
prashant.saraf
Member
 
Registered: Mar 2009
Location: Hartford US
Distribution: Ubuntu and Fedora
Posts: 39

Original Poster
Rep: Reputation: 0
I have tried 'rpm --setperms filesystem' then 'rpm -qa 2>/dev/null|xargs rpm --setperms' but still problem is there.
 
Old 03-22-2009, 11:29 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
What does 'rpm -qV audit' return? Are there any errors in /varlog/messages?
 
Old 03-22-2009, 03:06 PM   #7
prashant.saraf
Member
 
Registered: Mar 2009
Location: Hartford US
Distribution: Ubuntu and Fedora
Posts: 39

Original Poster
Rep: Reputation: 0
Quote:
What does 'rpm -qV audit' return?
[root@xpro blackperl]# rpm -qV audit
.M...... /sbin/audispd
.M...... /sbin/auditctl
.M...... /sbin/auditd
.M...... /sbin/aureport
.M...... /sbin/ausearch
.M...... /sbin/autrace
.M...... d /usr/share/doc/audit-1.7.12/COPYING
.M...... d /usr/share/doc/audit-1.7.12/ChangeLog
.M...... d /usr/share/doc/audit-1.7.12/README
.M...... d /usr/share/doc/audit-1.7.12/auditd.cron
.M...... d /usr/share/doc/audit-1.7.12/capp.rules
.M...... d /usr/share/doc/audit-1.7.12/lspp.rules
.M...... d /usr/share/doc/audit-1.7.12/nispom.rules
.M...... d /usr/share/doc/audit-1.7.12/stig.rules
.M...... /var/log/audit

Quote:
Are there any errors in /varlog/messages?
I am sorry but did not understand most of it. I have searched for auditd and found this

Mar 23 00:27:14 xpro kernel: type=1400 audit(1237748234.566:291): avc: denied { getattr } for pid=3829 comm="rpm" path="/etc/audit" dev=dm-0 ino=2638764 scontext=unconfined_u:system_r:hotplug_t:s0 tcontext=system_ubject_r:auditd_etc_t:s0 tclass=dir


I am able to login with GDM. but it's not a normal way
1. Edit the grub with to enforcing=0 1
2. type exit command
3. restarts everything
4. again auditd failes
5. enter login id pwd and login.. but it's not the solution

Thanks for all of your help. what should i do next.

Last edited by prashant.saraf; 03-22-2009 at 03:14 PM.
 
Old 03-22-2009, 04:24 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
The ".M......" lines say 'rpm -qa 2>/dev/null|xargs rpm --setperms' has not run correctly. This must be done again. If you think it might be easier, you could boot your installer CD (or any Live CD), chroot to the mounted system and run things from there.
 
Old 03-22-2009, 11:41 PM   #9
prashant.saraf
Member
 
Registered: Mar 2009
Location: Hartford US
Distribution: Ubuntu and Fedora
Posts: 39

Original Poster
Rep: Reputation: 0
I have executed rpm -qV audit again, now no output is coming from it. I am able to start the system with enforcing=0. but SE Linux throws many massages every time I login, and login take time to load.

Thanks for your help
 
Old 03-23-2009, 05:02 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
Quote:
Originally Posted by prashant.saraf View Post
I have executed rpm -qV audit again, now no output is coming from it.
Well, you're getting somewhere...


Quote:
Originally Posted by prashant.saraf View Post
I am able to start the system with enforcing=0. but SE Linux throws many massages every time I login, and login take time to load.
Since it's in permissive mode that's OK. But I wonder what else you did except change diretory permissions. Do all services start OK now? Post some errors?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
System hangs on Boot-up at Run level 3 ayush Linux - Newbie 7 12-16-2005 09:41 AM
System hangs on Boot-up at Run level 3 ayush Red Hat 2 12-07-2005 01:26 PM
System hangs on Boot-up at Run level 3 ayush Linux - General 1 12-06-2005 11:19 AM
System hangs on Boot-up at Run level 3 ayush Linux - Enterprise 0 12-06-2005 11:15 AM


All times are GMT -5. The time now is 10:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration