Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
In FC4, somwhow, I have auditd running. I found how to disable it, but I really want it to not run anymore. How? Root cannot even kill -9 this process. What starts that thing, anyway?
TIA, Ray
Thank you, and that ran without any comment. Level 35??? What the heck is that?
Further, I don't really want to reboot the box, is there a way to kill the now running auditd?
Excuse me if I get anything wrong here - first post. Am a -ish experienced *nix admin, but mostly with Solaris. Just installed fc4 as a home server with 2 fc4 clients... looking good so far
Anyway -
Quote:
chkconfig --level 35 auditd off
chkconfig is used to set the on/off levels of services, with levels being the systems "init" level (or "runlevel"). For example, init level 3 is full networking system, without starting X (I think), whereas init level 5 is usually with X started. Try logging in as root and running an init 6 when you want to reboot your system.
So that chkconfig line above turns off the auditd service at levels 3 or 5. You could also do a "chkconfig auditd off" to turn it off at all runlevels.
Quote:
I don't really want to reboot the box, is there a way to kill the now running auditd?
Another good command is "service". If you try "service auditd status", it will probably tell you it's running, with it's pid (process id - find using "ps -ef | grep pid"). To start a service you can use "service auditd stop"... Try running "service servicename" to find out which parameters can be passed to a service - usually start/stop/restart/status/reload.
Hope this has helped make things a little clearer - and sorry if I'm teaching you to suck eggs :P
Not at all, thank you very much. I JUST NOW learned that chkconfig can take multiple level arguments, as in 35 to cut it off in those 2 levels. I did not know that. Helpful. I start in level 3, but, should I ever change to the GUI login, things should match, and there be no surprises.
The service command does not know a thing about auditd, though.
A kill -9 wont stop the thing either.
Oh, well, the next boot should get it done.
Strange that the "service" command doesn't recognise auditd. Is this with a standard FC4 install ?? Or have you been moving scripts from /etc/init.d ??
My output :
[root@home1 ~]# service auditd
Usage: /etc/init.d/auditd {start|stop|status|restart|condrestart|reload}
[root@home1 ~]#
Anyway, if you're sure the service command isn't picking it up, you could always try "/etc/init.d/auditd stop".
Sry hlyrad, but I didn't quite understand your post. The man page doesn't give any special instructions for hung processes.
GL1800 - TBH it sounds like the processes has hung, or at least in an errored state. A reboot is the only answer if the process won't respond even to a kill -9. The /etc/init.d/auditd stop command will be issued when the system comes down - might take a few seconds to respond as it will fail (as you proved), but at least you'll get a clean system again.
Yes, thanks, and yes, service is in my path, it's just that it doesn't believe auditd is it's responsibility, it returns "unknown service" when I try to use it. Nevertheless, going to the rc3.d directory does allow control, so we do have it "stopped" although, it is still making notes I don't want. I will reboot someday soon, and we'll see if it tries to restart itself.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.