Quote:
What does 'rpm -qV audit' return?
|
[root@xpro blackperl]# rpm -qV audit
.M...... /sbin/audispd
.M...... /sbin/auditctl
.M...... /sbin/auditd
.M...... /sbin/aureport
.M...... /sbin/ausearch
.M...... /sbin/autrace
.M...... d /usr/share/doc/audit-1.7.12/COPYING
.M...... d /usr/share/doc/audit-1.7.12/ChangeLog
.M...... d /usr/share/doc/audit-1.7.12/README
.M...... d /usr/share/doc/audit-1.7.12/auditd.cron
.M...... d /usr/share/doc/audit-1.7.12/capp.rules
.M...... d /usr/share/doc/audit-1.7.12/lspp.rules
.M...... d /usr/share/doc/audit-1.7.12/nispom.rules
.M...... d /usr/share/doc/audit-1.7.12/stig.rules
.M...... /var/log/audit
Quote:
Are there any errors in /varlog/messages?
|
I am sorry but did not understand most of it. I have searched for auditd and found this
Mar 23 00:27:14 xpro kernel: type=1400 audit(1237748234.566:291): avc: denied { getattr } for pid=3829 comm="rpm" path="/etc/audit" dev=dm-0 ino=2638764 scontext=unconfined_u:system_r:hotplug_t:s0 tcontext=system_u
bject_r:auditd_etc_t:s0 tclass=dir
I am able to login with GDM. but it's not a normal way
1. Edit the grub with to enforcing=0 1
2. type exit command
3. restarts everything
4. again auditd failes
5. enter login id pwd and login.. but it's not the solution
Thanks for all of your help. what should i do next.