LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 03-23-2007, 01:17 PM   #1
OR13
Member
 
Registered: Jun 2006
Distribution: Fedora 14
Posts: 51

Rep: Reputation: 15
Unknown Audit Message


Lately (few weeks), when I shut the computer down, a long message (3-4 lines) about auditd appears.
I wonder whether this is a problem or just regular behaviour.
I have audit-1.4.2-3.fc6.

This is the output of 'dmesg | grep audit':
Code:
audit: initializing netlink socket (disabled)
audit(1174659000.804:1): initialized
audit(1174659010.035:2): policy loaded auid=4294967295
audit(1174659036.095:3): avc:  denied  { getattr } for  pid=1563 comm="mount.ntfs" name="modprobe" dev=dm-0 ino=5537974 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
audit(1174659036.096:4): avc:  denied  { execute } for  pid=1564 comm="mount.ntfs" name="bash" dev=dm-0 ino=3309776 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1174659036.096:5): avc:  denied  { execute_no_trans } for  pid=1564 comm="mount.ntfs" name="bash" dev=dm-0 ino=3309776 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1174659036.096:6): avc:  denied  { read } for  pid=1564 comm="mount.ntfs" name="bash" dev=dm-0 ino=3309776 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1174659036.098:7): avc:  denied  { getattr } for  pid=1564 comm="sh" name="bash" dev=dm-0 ino=3309776 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1174659036.099:8): avc:  denied  { execute } for  pid=1564 comm="sh" name="modprobe" dev=dm-0 ino=5537974 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
audit(1174659036.099:9): avc:  denied  { execute_no_trans } for  pid=1564 comm="sh" name="modprobe" dev=dm-0 ino=5537974 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
audit(1174659036.099:10): avc:  denied  { read } for  pid=1564 comm="sh" name="modprobe" dev=dm-0 ino=5537974 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
audit(1174659036.101:11): avc:  denied  { read } for  pid=1564 comm="modprobe" name="modprobe.conf" dev=dm-0 ino=8880199 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=file
audit(1174659036.101:12): avc:  denied  { getattr } for  pid=1564 comm="modprobe" name="modprobe.conf" dev=dm-0 ino=8880199 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=file
audit(1174659036.101:13): avc:  denied  { read } for  pid=1564 comm="modprobe" name="modules.dep" dev=dm-0 ino=1640929 scontext=system_u:system_r:mount_t:s0 tcontext=root:object_r:modules_dep_t:s0 tclass=file
audit(1174659036.101:14): avc:  denied  { getattr } for  pid=1564 comm="modprobe" name="modules.dep" dev=dm-0 ino=1640929 scontext=system_u:system_r:mount_t:s0 tcontext=root:object_r:modules_dep_t:s0 tclass=file
audit(1174659036.139:15): avc:  denied  { read write } for  pid=1564 comm="modprobe" name="fuse.ko" dev=dm-0 ino=1640133 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
audit(1174659036.139:16): avc:  denied  { lock } for  pid=1564 comm="modprobe" name="fuse.ko" dev=dm-0 ino=1640133 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
audit(1174659036.140:17): avc:  denied  { getattr } for  pid=1564 comm="modprobe" name="fuse.ko" dev=dm-0 ino=1640133 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
audit(1174659036.141:18): avc:  denied  { sys_module } for  pid=1564 comm="modprobe" capability=16 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:system_r:mount_t:s0 tclass=capability
audit(1174659036.420:19): avc:  denied  { mount } for  pid=1572 comm="fusermount" name="/" dev=hda1 ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
audit(1174659051.226:20): audit_pid=2028 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0

Thanks in advance,
O.R.
 
  


Reply

Tags
audit, auditd, shutdown


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unknown error message!!!! GCONF or something? alirezan1 Linux - Newbie 3 08-08-2010 08:45 PM
app causing selinux audit message dansawyer Linux - Security 1 01-21-2007 11:44 AM
audit cupsd denied message spooon Fedora 3 07-15-2006 09:25 PM
unknown user error message niranjan_s Fedora 1 09-16-2004 03:37 PM
Xchat unknown error message. LiD Linux - Software 2 08-06-2004 11:01 PM


All times are GMT -5. The time now is 07:37 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration