LinuxQuestions.org


mufy 01-31-2011 07:32 AM

** failed setting kernel audit objects
 
Across the internet the problem is a known issue - due to a syntax error in /etc/security/audit/objects. This is my object file on node 2 where 'audit start' fails:
prapb242[/etc/security/audit] # cat objects

/etc/security/environ:
w = "S_ENVIRON_WRITE"

/etc/security/group:
w = "S_GROUP_WRITE"

/etc/security/limits:
w = "S_LIMITS_WRITE"

/etc/security/login.cfg:
w = "S_LOGIN_WRITE"

/etc/security/passwd:
r = "S_PASSWD_READ"
w = "S_PASSWD_WRITE"

/etc/security/user:
w = "S_USER_WRITE"

/etc/security/audit/config:
w = "AUD_CONFIG_WR"

/etc/hosts.allow:
w = "S_ALLOW_WRITE"

/etc/hosts.deny:
w = "S_DENY_WRITE"

I have the same file on node 1 of a cluster. I'm able to start audit without any problem.

What am I missing?

mufy 02-01-2011 05:58 AM

Based on feedback I received from other forums, this is what I did -

This is what the diff produced -
Code:

prapb241[/etc/security/audit] # diff objects.prapb242 objects.prapb241
24c24
< /etc/hosts.allow:
---
> /etc/hosts.allow :
27c27
< /etc/hosts.deny:
---
> /etc/hosts.deny :

The only thing I could find is the difference in the 'space' before the ':' -
Code:

prapb241[/etc/security/audit] # grep /etc/hosts objects.prapb241
/etc/hosts.allow :
/etc/hosts.deny :
prapb241[/etc/security/audit] # grep /etc/hosts objects.prapb242
/etc/hosts.allow:
/etc/hosts.deny:

So I copied the object file from the working node 'prapb241' to 'prapb242' -
Code:

prapb241[/etc/security/audit] # scp objects.prapb241 prapb242_mgmt:$PWD
objects.prapb241

Renamed the 'objects.prapb241' file on node 2 as -
Code:

prapb242[/etc/security/audit] # mv objects.prapb241 objects

Restarted the 'audit' service -
Code:

prapb242[/etc/security/audit] # audit shutdown
auditing reset
prapb242[/etc/security/audit] # audit start
** failed setting kernel audit objects

Still fails.


As per another suggestion this is what I did -

Did a check for the existence/absence of 'hosts' files on both the nodes -
Code:

prapb241[/etc/security/audit] # cat objects | grep /etc | cut -f1 -d: | while read x; do ls -ltr $x; done
-rw-r----- 1 root security 60 May 07 2007 /etc/security/environ
-rw-r----- 1 root security 673 Mar 30 2010 /etc/security/group
-rw-r----- 1 root security 1879 Aug 03 2010 /etc/security/limits
-rw-rw---- 1 root security 4969 Jul 13 2010 /etc/security/login.cfg
-rw------- 1 root security 2616 Jan 23 13:39 /etc/security/passwd
-rw-r----- 1 root security 15527 Jan 23 13:33 /etc/security/user
-rw-r----- 1 root audit 3479 Jan 31 15:06 /etc/security/audit/config
-rw-r--r-- 1 root system 662 Apr 28 2008 /etc/hosts.allow
-rw-r--r-- 1 root system 126 Apr 28 2008 /etc/hosts.deny

prapb242[/etc/security/audit] # cat objects | grep /etc | cut -f1 -d: | while read x; do ls -ltr $x; done
-rw-r----- 1 root security 60 May 07 2007 /etc/security/environ
-rw-r----- 1 root security 673 Mar 30 2010 /etc/security/group
-rw-r----- 1 root security 1861 Aug 03 2010 /etc/security/limits
-rw-rw---- 1 root security 4976 Jul 13 2010 /etc/security/login.cfg
-rw------- 1 root security 2928 Jan 25 11:21 /etc/security/passwd
-rw-r----- 1 root security 15063 Jan 25 11:21 /etc/security/user
-rw-r----- 1 root audit 3479 Jan 31 16:17 /etc/security/audit/config
-rw-r--r-- 1 root system 662 Apr 28 2008 /etc/hosts.allow
-rw-r--r-- 1 root system 126 Apr 28 2008 /etc/hosts.deny

Nothing missing there either!
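
The two checks tried in the posts above (stanza syntax and existence of each audited file) combined into one linter, as an added example that is not part of the original thread. The stanza grammar is assumed from the objects file shown in the first post; `lint_objects`, its optional `ROOT` argument and the message texts are hypothetical names.

```shell
#!/bin/sh
# Added example: lint an AIX audit "objects" stanza file.
# Grammar assumed from the file shown in the post:
#   /path/to/file:          stanza header (blanks before ':' tolerated)
#   r|w|x = "EVENT_NAME"    one line per access mode
# Lines starting with '*' are treated as comments (assumption).
# ROOT (hypothetical, optional) is prepended to each path, so a copied
# tree can be checked instead of the live system.
lint_objects() {
    file=$1 root=${2:-} rc=0
    out=$(awk '
        /\r/ { print "F line " NR ": carriage return"; gsub(/\r/, "") }
        /^[ \t]*$/ || /^[ \t]*\*/ { next }
        /^\/[^ \t=]*[ \t]*:[ \t]*$/ {
            if (path != "" && n == 0) print "F stanza " path ": no access modes"
            path = $0; sub(/[ \t]*:[ \t]*$/, "", path); n = 0
            if (seen[path]++) print "F line " NR ": duplicate stanza " path
            split("", modes); print "P " path; next
        }
        /^[ \t]*[rwx][ \t]*=[ \t]*"[^"]+"[ \t]*$/ {
            if (path == "") { print "F line " NR ": mode outside a stanza"; next }
            m = $1; sub(/=.*/, "", m); n++
            if (modes[m]++) print "F line " NR ": mode " m " repeated in " path
            next
        }
        { print "F line " NR ": unrecognised line: " $0 }
        END { if (path != "" && n == 0) print "F stanza " path ": no access modes" }
    ' "$file")
    # "F" lines are findings from awk; "P" lines carry a path to test.
    while IFS= read -r line; do
        case $line in
            "F "*) printf '%s\n' "${line#F }"; rc=1 ;;
            "P "*) [ -e "$root${line#P }" ] ||
                   { printf '%s\n' "missing audited file: ${line#P }"; rc=1; } ;;
        esac
    done <<EOF
$out
EOF
    return $rc
}

# Run against a file given on the command line, e.g.
#   sh lint_objects.sh /etc/security/audit/objects
if [ "$#" -gt 0 ]; then lint_objects "$@"; fi
```

The function prints one finding per line and returns non-zero if there is any; a clean file prints nothing, which only shows that the file matches the assumed grammar.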

