Problem with audit daemon?
 

Problem in /var/log/audit/audit.log.1.
I'm working with a workstation cluster where is mounted Red Hat Enterprise (with Gnome). After that I tried to install some software some problems appears in root session. For example I'm not able to download the updates and furthermore I'm not able to open the administration of the system by GUI. I tried to restart the system and the only problem that occurs is 'audit [failed]'. So I went to read this file /var/log/audit/audit.log.1 and appears this:


type=ANOM_ABEND msg=audit(1222174623.498:608): auid=4294967295 uid=0 gid=7 ses=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 pid=7192 comm="ipp" sig=11
type=ANOM_ABEND msg=audit(1222174623.504:609): auid=4294967295 uid=0 gid=7 ses=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 pid=7193 comm="ipp" sig=11

To restart auditd is useful? How could I do to resolve my problem?

".1" is a rotated logfile. For current problems see "/var/log/audit/audit.log". If you want to see messages scroll by try 'tail -f /var/log/audit/audit.log'.


Please show exact error messages if any.


Same here: please show exact error messages if any.


Typical SE Linux policy warnings can be found by running 'grep AVC /var/log/audit/audit.log'. You can see what rules need to be adjusted in your local policy running it as 'grep AVC /var/log/audit/audit.log|audit2allow'.


No. Audtid only exists to log SE Linux AVC (Access Vector Cache) messages. For example if Auditd does not run the messages end up in /var/log/messages. In short: restarting Auditd does not change your policy nor does it "repair" or "fix" errors.