LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Closed Thread
  Search this Thread
Old 05-20-2008, 08:14 AM   #1
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Rep: Reputation: 15
Smile chkconfig --add auditd


RHEL 4 Workstation 64bit Kernel 2.6.9.5-ELsmp

Typing chkconfig --add auditd results in below:

"error reading information on service auditd: No such file or directory"

Typing "chkconfig --add /sbin/auditd" has same results.

Can't understand why I can not add auditd. If I type

"chkconfig auditd" I get no errors. I type auditd and I get a PID #. I'm attempting add what I think is a service (auditd) and allow it to remain running after root logs out. Using the add service GUI interface pretty much results in the same. Am I typing somthing wrong?
 
Old 05-20-2008, 09:02 AM   #2
ChrisAbela
Member
 
Registered: Mar 2008
Location: Malta
Distribution: Slackware and Debian
Posts: 517

Rep: Reputation: 108Reputation: 108
I have booted up my RHEL4 so maybe I can help. Check if auditd is already configured as a service:

# chkconfig --list auditd

If you get any output like:

auditd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

then you need only switch the service on:

# chkconfig auditd on

Then reboot or start the service manually:

#service auditd start

Last edited by ChrisAbela; 05-20-2008 at 09:03 AM.
 
Old 05-20-2008, 02:46 PM   #3
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Typed:

# chkconfig --list auditd

Response:

error reading information on service auditd no such file or directory

Thanks
John
 
Old 05-21-2008, 06:55 AM   #4
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
ChrisAbela,

I got it working! History - This ystem arrived from Dell 5 months ago pre-installed. I was hired to configure the system in a secure manner. One of the requirements was to setup proper auditing and I was told that auditd complemented and enhanced the default setup.

After weeks of working this issue I learned that no up2date functions were conducted so many of these rpm files were way out of date. Working with RedHat customer support performed a
up2date (did not specify which .rpm) and 15 minutes later, updated the up2date rpm and audit rpm "only" (there were many more I might look at later). Rebooted and now auditd is working as designed.

I'm using the System Log GUI interface and pointed to the auditd.log file and noticed only two events (PID assigned to Auditd which has been activated and Kernel Message that audit was enabled) not users access files or failures to Kill processes. Maybe I need to readup on the auditctrl manpage?

John
 
Old 05-21-2008, 07:43 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Quote:
Originally Posted by mccartjd View Post
I'm using the System Log GUI interface and pointed to the auditd.log file and noticed only two events (PID assigned to Auditd which has been activated and Kernel Message that audit was enabled) not users access files or failures to Kill processes. Maybe I need to readup on the auditctrl manpage?
Even after consolidation you have three threads rolling about the same subject. I suggest you read the manual and continue discussing SNARE, Auditd and rules here http://www.linuxquestions.org/questi...snare.-642459/.
 
Old 05-21-2008, 08:47 AM   #6
ChrisAbela
Member
 
Registered: Mar 2008
Location: Malta
Distribution: Slackware and Debian
Posts: 517

Rep: Reputation: 108Reputation: 108
I am glad to read that you managed to set it up (despite) my help :-).
And thank you for the feed back.

Chris Abela
 
Old 05-21-2008, 03:28 PM   #7
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
mccartjd: please get your act together and keep your threads in ONE place.

http://www.linuxquestions.org/questi...snare.-642459/



Closed.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Why do I get "bash: chkconfig: command not found" when I try to run chkconfig? non-thrash Fedora 10 05-20-2010 12:31 PM
auditd: auditd startup failed cmschube Red Hat 2 05-11-2009 07:08 AM
chkconfig --add noir911 Linux - General 3 11-23-2006 01:26 AM
How do I add a program to the chkconfig --list? hunterhunter Linux - General 1 04-12-2006 05:13 PM
auditd and laus kronixx Red Hat 0 07-15-2005 05:33 PM


All times are GMT -5. The time now is 11:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration