auditd Problem, need to boot system wiht Level 1
Hi,
I am using fedora 10, and the auditd failed to start, so i am unable to login, for that i want to login with level 1, can some one tell me how to do it? or is there any solution to get in the system? |
On bootup in GRUB add (w/o outer quotes) "enforcing=0 1" as last argument to your kernels boot arguments. The "enforcing=0" disables SE Linux until rebooted and " 1" signals the machine to enter single user runlevel 1. Check the systems logs why Auditd does not want to start and please post exact error messages if any.
|
Quote:
I remembed what I did so this problme is coming. I logged in with root through gnome. in that i select the properties of '/' i.e file system, and given permission to every one even for all subdirecotry of '/' :( |
Quote:
To get things back in order you could try 'rpm --setperms filesystem' to restore topdir perms then 'rpm -qa 2>/dev/null|xargs rpm --setperms' to do the same for all other installed packages. |
I have tried 'rpm --setperms filesystem' then 'rpm -qa 2>/dev/null|xargs rpm --setperms' but still problem is there.
|
What does 'rpm -qV audit' return? Are there any errors in /varlog/messages?
|
Quote:
.M...... /sbin/audispd .M...... /sbin/auditctl .M...... /sbin/auditd .M...... /sbin/aureport .M...... /sbin/ausearch .M...... /sbin/autrace .M...... d /usr/share/doc/audit-1.7.12/COPYING .M...... d /usr/share/doc/audit-1.7.12/ChangeLog .M...... d /usr/share/doc/audit-1.7.12/README .M...... d /usr/share/doc/audit-1.7.12/auditd.cron .M...... d /usr/share/doc/audit-1.7.12/capp.rules .M...... d /usr/share/doc/audit-1.7.12/lspp.rules .M...... d /usr/share/doc/audit-1.7.12/nispom.rules .M...... d /usr/share/doc/audit-1.7.12/stig.rules .M...... /var/log/audit Quote:
Mar 23 00:27:14 xpro kernel: type=1400 audit(1237748234.566:291): avc: denied { getattr } for pid=3829 comm="rpm" path="/etc/audit" dev=dm-0 ino=2638764 scontext=unconfined_u:system_r:hotplug_t:s0 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=dir I am able to login with GDM. but it's not a normal way 1. Edit the grub with to enforcing=0 1 2. type exit command 3. restarts everything 4. again auditd failes 5. enter login id pwd and login.. but it's not the solution:( Thanks for all of your help. what should i do next. |
The ".M......" lines say 'rpm -qa 2>/dev/null|xargs rpm --setperms' has not run correctly. This must be done again. If you think it might be easier, you could boot your installer CD (or any Live CD), chroot to the mounted system and run things from there.
|
I have executed rpm -qV audit again, now no output is coming from it. I am able to start the system with enforcing=0. but SE Linux throws many massages every time I login, and login take time to load.
Thanks for your help |
Quote:
Quote:
|
All times are GMT -5. The time now is 12:49 AM. |