Problem with audit daemon?

LinuxQuestions.org

Help answer threads with 0 replies.

		LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
Problem with audit daemon?

Red Hat This forum is for the discussion of Red Hat Linux.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

Are you new to LinuxQuestions.org? Visit the following links:
Site Howto | Site FAQ | Sitemap | Register Now

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.

Exclusive for LQ members, get up to 45% off per month. Click here for more info.

Reply

Search this Thread

12-22-2008, 04:52 AM	#1
agostino84 LQ Newbie Registered: Dec 2008 Posts: 6 Rep:	Problem with audit daemon? Problem in /var/log/audit/audit.log.1. I'm working with a workstation cluster where is mounted Red Hat Enterprise (with Gnome). After that I tried to install some software some problems appears in root session. For example I'm not able to download the updates and furthermore I'm not able to open the administration of the system by GUI. I tried to restart the system and the only problem that occurs is 'audit [failed]'. So I went to read this file /var/log/audit/audit.log.1 and appears this: type=ANOM_ABEND msg=audit(1222174623.498:608): auid=4294967295 uid=0 gid=7 ses=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 pid=7192 comm="ipp" sig=11 type=ANOM_ABEND msg=audit(1222174623.504:609): auid=4294967295 uid=0 gid=7 ses=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 pid=7193 comm="ipp" sig=11 To restart auditd is useful? How could I do to resolve my problem?

Old

12-22-2008, 04:44 PM

#2

unSpawn

Moderator

Registered: May 2001

Posts: 29,415

Blog Entries: 55

Rep:

Reputation: 3600

Reputation: 3600

Reputation: 3600

Reputation: 3600

Reputation: 3600

Reputation: 3600

Reputation: 3600

Reputation: 3600

Reputation: 3600

Reputation: 3600

Reputation: 3600

Quote:

Originally Posted by agostino84

View Post

Problem in /var/log/audit/audit.log.1

".1" is a rotated logfile. For current problems see "/var/log/audit/audit.log". If you want to see messages scroll by try 'tail -f /var/log/audit/audit.log'.

Quote:

Originally Posted by agostino84

View Post

I'm not able to download the updates

Please show exact error messages if any.

Quote:

Originally Posted by agostino84

View Post

I'm not able to open the administration of the system by GUI.

Same here: please show exact error messages if any.

Quote:

Originally Posted by agostino84

View Post

type=ANOM_ABEND msg=audit(1222174623.498:608): auid=4294967295 uid=0 gid=7 ses=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 pid=7192 comm="ipp" sig=11
(..)
How could I do to resolve my problem?

Typical SE Linux policy warnings can be found by running 'grep AVC /var/log/audit/audit.log'. You can see what rules need to be adjusted in your local policy running it as 'grep AVC /var/log/audit/audit.log|audit2allow'.

Quote:

Originally Posted by agostino84

View Post

To restart auditd is useful?

No. Audtid only exists to log SE Linux AVC (Access Vector Cache) messages. For example if Auditd does not run the messages end up in /var/log/messages. In short: restarting Auditd does not change your policy nor does it "repair" or "fix" errors.

Reply

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is Off HTML code is Off Forum Rules

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How can I read the audit time stamp? msg=audit(1213186256.105:20663)	abefroman	Linux - Software	3	04-21-2011 06:37 PM
Problem with X11 audit	MRMadhav	Fedora	1	11-04-2006 08:14 PM
Configuring the audit daemon of RHEL4 update 2	herrmag	Linux - Security	0	05-08-2006 04:39 PM
what's audit daemon for?	liyuefu	Linux - General	2	06-23-2005 11:37 AM
Audit Daemon in RH 7.3	oulevon	Linux - Security	1	08-06-2002 07:20 AM

All times are GMT -5. The time now is 06:32 AM.

Main Menu

Advertisement

My LQ

Write for LQ

LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.

Main Menu

Syndicate

Latest Threads

LQ News

Twitter: @linuxquestions

Open Source Consulting | Domain Registration