Can't Boot Pass "Starting Auditd:"
I'm using RHEL 4.6. auditd was set on for run levels 1-5. I changed something (?), now my system won't boot. It hangs on "Starting auditd:". I tried adding "enforcing=0" to GRUB. I tried adding "selinux=0" to GRUB. I tried adding "auditd=0" to GRUB. I've tried them separatly, as well as, in various combinations. I've tried entering "I" to go into interactive mode but, I'm not fast enough to hit that millisecond window.
How can I skip/get pass the "Starting auditd:"? |
Boot into single user mode and disable the startup script. After the system boots, rerun the startup script and see where it hangs.
|
Can't Boot Pass "Starting Auditd:"
stickman,
Exactly, how do I disable the startup script from single user mode? Once, I disable the startup script, I reboot the machine, correct? After, it has rebooted, then I manually run the startup script, correct? (how?) Am I running the startup script completely? Or am I modifying the startup script first? I appreciate your help, Thanks |
Ok, with the help from another forum, I was successful in narrowing down the location of the problem. It appears to be an initlog statement. Here is a copy of the trace. Any further insite is greatly appreciated.
[root@localhost init.d]# bash -x ./auditd start + PATH=/sbin:/bin:/usr/bin:/usr/sbin + . /etc/init.d/functions ++ TEXTDOMAIN=initscripts ++ umask 022 ++ PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin ++ export PATH ++ '[' –z '' ']' ++ COLUMNS=80 ++ '[' –z '' ']' +++ /sbin/consoletype ++ CONSOLETYPE=pty ++ '[' -f /etc/sysconfig/i18n -a -z '' ']' ++ . /etc/sysconfig/i18n +++ LANG=en_US.UTF-8 +++ SUPPORTED=en_US.UTF-8:en_US:en +++ SYSFONT=latarcyrheb-sun16 ++ '[' pty '!=' pty ']' ++ '[' –n '' ']' ++ export LANG ++ '[' –z '' ']' ++ '[' -f /etc/sysconfig/init ']' ++ . /etc/sysconfig/init +++ BOOTUP=color +++ GRAPHICAL=yes +++ RES_COL=60 +++ MOVE_TO_COL='echo -en \033[60G' +++ SETCOLOR_SUCCESS='echo -en \033[0;32m' +++ SETCOLOR_FAILURE='echo -en \033[O;31m' +++ SETCOLOR_WARNING='echo -en \033[0;33m' +++ SETCOLOR_NORMAL='echo -en \033[0;39m' +++ LOGLEVEL=3 +++ PROMPT=yes ++ '[' pty = serial ']' ++ '[' color '!=' verbose ']' ++ INITLOG_ARGS=-q ++ id -u + test 0 = 0 + test -f /etc/sysconfig/auditd + . /etc/sysconfig/auditd ++ EXTRAOPTIONS=-f ++ AUDITD_LANG=en_US ++ AUDITD_CLEAN_STOP=yes ++ AUDITD_DISABLE_CONTEXT=no + test -x /sbin/auditd + test -f /etc/auditd.conf + RETVAL=O + prog=auditd + case "$1" in + start + echo -n 'Starting auditd: ' Starting auditd: + '[' -z en_US -o en_US none -o en_US NONE ']' + LANG=en_US + LC_TIME=en_US + LC_ALL=en_US + LC_MESSAGES=en_US + LC_NUMERIC=en_US + LC_MONETARY=en_US + LC_COLLATE=en_US + export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE + unset HOME MAIL USER USERNAME + daemon auditd -f + local gotbase= force= + local base= user= nice= bg= pid= + nicelevel=O + '[' auditd '!=' auditd ']' + '[' –z '' ']' + base=auditd + '[' -f /var/run/auditd.pid ']' + '[' –n '' –a –z '' ']' + ulimit -S -c 0 + '[' –n '' ']' + '[' color = verbose -a -z '' ']' + '[' –z '' ']' + initlog -q -c 'auditd -f' The above line is where it hangs. Thanks again |
Quote:
Quote:
Quote:
Quote:
|
Okay, I removed "-q" and isolated the problem but, still no solution. I changed the .conf and rules files back to their defaults. When I run "initlog -c 'auditd -f'" (without the double quotes), I get the following:
[root@localhost ~]# initlog -c 'auditd -f' Config file /etc/auditd.conf opened for parsing log_file_parser called with: /var/log/audit/audit.log log_format_parser called with: RAW priority_boost_parser called with: 3 type=DAEMON_START msg=audit(1303942778.014:4537) auditd start, ver=1.0.15, format=raw, auid=4294967295 res=sucess, auditd pid=14874 type=CONFIG_CHANGE msg=audit(1303942778.013:3): audit_enabled=1 old=0 by auid=4294967295 flush_parser called with: INCREMENTAL freq_parser called with: 20 num_logs_parser called with: 4 max_log_size_parser called with: 5 max_log_size_action_parser called with: ROTATE space_left_parser called with: 75 space_action_parser called with: SYSLOG action_mail_acct_parser called with: root admin_space_left_parser called with: 50 admin_space_left_action_parser called with SUSPEND disk_full_action_parser called with: SUSPEND disk_error_action_parser called with: SUSPEND config_manager init complete Init complete, auditd 1.0.15 listening for events █ The cursor just blinks here, it never returns to the command prompt. I’m assuming this is where it is hanging in the startup script. How do I force it to exit and/or release back to the system so thing can continue in the startup script? |
All times are GMT -5. The time now is 01:02 AM. |