auditd: auditd startup failed
Hello,
I'm having issues getting auditd started (obviously). I just installed SNARE on a RHEL3 box and when it tries to start, it fails. Here is my log.. **SNIP*** Oct 9 16:00:18 lnx001 audit: auditd shutdown failed Oct 9 16:01:18 lnx001 auditd: auditd shutdown failed Oct 9 16:01:18 lnx001 auditd[4344]: Started dispatcher: /usr/sbin/SnareDispatcher pid: 4346 Oct 9 16:01:18 lnx001 auditd[4344]: Unable to set audit pid, exiting Oct 9 16:01:18 lnx001 auditd[4344]: The audit daemon is exiting. Oct 9 16:01:18 lnx001 auditd: Cannot daemonize (Interrupted system call) Oct 9 16:01:18 lnx001 auditd: The audit daemon is exiting. Oct 9 16:01:18 lnx001 auditd: auditd startup failed Oct 9 16:02:33 lnx001 auditd[4423]: Started dispatcher: /usr/sbin/SnareDispatcher pid: 4425 Oct 9 16:02:33 lnx001 auditd[4423]: Unable to set audit pid, exiting Oct 9 16:02:33 lnx001 auditd[4423]: The audit daemon is exiting. Oct 9 16:02:33 lnx001 auditd: Cannot daemonize (No child processes) Oct 9 16:02:33 lnx001 auditd: The audit daemon is exiting. Oct 9 16:02:33 lnx001 auditd: auditd startup failed **SNIP*** Any ideas? Thanks, cmschube |
Quote:
|
auditd fails to start after snare install
I had the same issue with Red hat 5.
There are permissions to check on 2 files to get this corrected # chmod 0600 /var/log/audit/audit.log # chmod 0750 /usr/share/SnareDispatchHelper Wah-Lah! now you can open Snare web utility using http://127.0.0.1:6161 (that's if you stayed with the defaulf config) also if you check again and run # /etc/init.d/auditd start OK instead of [FAILED] if this doesn't do the trick, check your /var/log messages for answers happy auditing |
All times are GMT -5. The time now is 02:50 PM. |