Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Fedora This forum is for the discussion of the Fedora Project.


  Search this Thread
Old 05-18-2007, 12:33 AM   #1
LQ Newbie
Registered: Jan 2005
Posts: 18

Rep: Reputation: 0
how to prevent audits under FC6

More FC6 problems.

Boot on this 1.8 GHz laptop is inordinately sloooow because of two
audits that are run every time it restarts. I thought that disabling
SELinux via
System / Administration / Security Level and Firewall
would get rid of the problem, but it doesn't. Short of switching to
a different distribution, how can I eliminate this pain in the neck?
Old 05-18-2007, 04:29 AM   #2
Senior Member
Registered: Dec 2005
Location: Indiana
Distribution: RHEL/CentOS/SL 5 i386 and x86_64 pata for IDE in use
Posts: 4,790

Rep: Reputation: 57
System--> Administration--> Services edit all the run levels and un-check and stop/save changes for auditd

Or as root type:
service auditd stop
chkconfig --levels 345 auditd off

Last edited by Lenard; 05-18-2007 at 04:31 AM.
Old 05-20-2007, 08:57 PM   #3
LQ Newbie
Registered: Jan 2005
Posts: 18

Original Poster
Rep: Reputation: 0
Audits happen at boot, yet auditd isn't listed as a running service, nor
does it even appear as a nonrunning service in the list of Background
Services offered by the
System / Administration / Server Settings / Services
GUI tool.

dmesg | grep audit
audit: initializing netlink socket (disabled)
audit(1179692670.192:1): initialized
audit(1179692677.036:2): selinux=0 auid=4294967295
audit(1179707144.757:3): dev=vif0.0 prom=256 old_prom=0 auid=4294967295
audit(1179707155.377:4): dev=peth0 prom=256 old_prom=0 auid=4294967295

I suspect that at least two, if not all, of these "audit" messages are
issued by some component of xen. The very first message
(that is, audit: initializing netlink socket (disabled))
is preceded immediately by this message:
IA-32 Microcode Update Drive: v1.14-xen <>

xend is another time-wasting useless feature on this laptop. Maybe it's fine
for a server that is on most of the time, but not so great on a laptop that is
on only intermittently and used mostly off-line--in fact usually booted
without any network connection. Even if an ethernet cable is attached at
boot, I prefer for the ethernet interface to be disabled at boot.

Today I noticed that, if the ethernet cable is not connected, xend waits for
about 1.5 minutes before allowing the boot sequence to continue. If the cable
is attached at boot time, xend only wastes about 25 seconds, and the ethernet
interface is activated (even though I don't want it to be).

Most of my use
of it is off-line, so I usually boot it without any network connection.
Should I just uninstall xen altogether? Both kernels on this laptop are xen
kernels--an accident of initial installation. Would they still run if I
uninstall xen? Until I know for sure, it seems safer to stop xend.

After stopping xend at all runlevels, boot is much faster. Also, only the
first 3 "audit" messages appear.
Old 05-21-2007, 06:19 AM   #4
Senior Member
Registered: Dec 2005
Location: Indiana
Distribution: RHEL/CentOS/SL 5 i386 and x86_64 pata for IDE in use
Posts: 4,790

Rep: Reputation: 57
Using a non xen kernel shows,

$ chkconfig --list
auditd          0:off   1:off   2:on    3:off   4:off   5:off   6:off


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Installed Xubuntu and FC6, but FC6 wont boot, is there a solution? mitchell7man Linux - General 3 05-01-2007 04:27 PM
installed fc6 on seperate partition, same hard drive with xp, fc6 wont boot frankandsense Linux - Newbie 6 02-22-2007 02:50 AM
XEN. Problem with install guest FC6 (i386) on platform FC6 (x86_64) Alex_Saf Fedora 0 12-04-2006 12:15 AM
information from someone who routinely audits Windows and Linux machines studpenguin Linux - Security 35 07-02-2005 05:14 PM
question about security audits wedgeworth Linux - Software 2 04-20-2004 08:02 PM > Forums > Linux Forums > Linux - Distributions > Fedora

All times are GMT -5. The time now is 04:35 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration