** failed setting kernel audit objects
Across the internet the problem is a known issue - due to s syntax error in /etc/security/audit/objects. This is my object file on node 2 where 'audit start' fails:
prapb242[/etc/security/audit] # cat objects /etc/security/environ: w = "S_ENVIRON_WRITE" /etc/security/group: w = "S_GROUP_WRITE" /etc/security/limits: w = "S_LIMITS_WRITE" /etc/security/login.cfg: w = "S_LOGIN_WRITE" /etc/security/passwd: r = "S_PASSWD_READ" w = "S_PASSWD_WRITE" /etc/security/user: w = "S_USER_WRITE" /etc/security/audit/config: w = "AUD_CONFIG_WR" /etc/hosts.allow: w = "S_ALLOW_WRITE" /etc/hosts.deny: w = "S_DENY_WRITE" I have the same file on node 1 of a cluster. I'm able to to start audit without any problem. What am I missing? |
Based on feedbacks I received from other forums this is what I did -
This is what the diff produced - Code:
prapb241[/etc/security/audit] # diff objects.prapb242 objects.prapb241 Code:
prapb241[/etc/security/audit] # grep /etc/hosts objects.prapb241 Code:
prapb241[/etc/security/audit] # scp objects.prapb241 prapb242_mgmt:$PWD Code:
prapb242[/etc/security/audit] # mv objects.prapb241 objects Code:
prapb242[/etc/security/audit] # audit shutdown As per another suggestion this is what I did - Did a check for the existence/absence of 'hosts' files on both the nodes - Code:
prapb241[/etc/security/audit] # cat objects | grep /etc | cut -f1 -d: | while read x^Jdo^Jls -ltr $x^Jdone |
All times are GMT -5. The time now is 06:20 AM. |