audit log for "setenforce" changes?
Eric Paris
eparis at redhat.com
Mon Jan 14 17:46:52 UTC 2008
hmmm, are you getting any audit messages? Maybe a long time back you
ran out of disk space and auditd stopped logging? If you service auditd
restart and it can't log for some reason it should tell you
in /var/log/messages...
maybe auditd is turned off? what do you get from auditctl -s ?? is it
enabled? maybe you ran auditctl -e 0 at some time?
assuming audit isn't running the message in dmesg looks like:
type=1404 audit(1200447974.622:247): enforcing=0 old_enforcing=1
auid=4294967295 ses=4294967295
and the corresponding /var/log/messages:
Jan 15 20:46:14 dhcp231-146 kernel: type=1404 audit(1200447974.622:247):
enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295
start telling me about all of your versions, are they all stock or did
you build some of these parts yourself. Because I can't find a way to
reproduce the problem to fix it....
-Eric
On Mon, 2008-01-14 at 12:35 -0500, Chuck Anderson wrote:
> On Sat, Jan 12, 2008 at 08:37:04AM -0500, Eric Paris wrote:
> > Do you have auditd running? If not look in dmesg or /var/log/messages
> > instead of ausearch because it seems to be working fine for me....
>
> Yes, I do have auditd running.
>
> #service auditd status
> auditd (pid 2523) is running...
> #service rsyslog status
> rsyslogd (pid 19658) is running...
> rklogd (pid 19664) is running...
> #ausearch -m MAC_STATUS
> <no matches>
> #setenforce 0
> #ausearch -m MAC_STATUS
> <no matches>
> #setenforce 1
> #ausearch -m MAC_STATUS
> <no matches>
> #setenforce 0
> #ausearch -m MAC_STATUS
> <no matches>
> #grep setenforce /var/log/messages
> #grep setenforce /var/log/syslog
> #grep setenforce /var/log/secure
> #dmesg|grep setenforce
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
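
Added example, not part of the original thread: a shell function that pulls SELinux mode changes out of kernel log text (`dmesg` or `/var/log/messages`) by matching the `type=1404` record quoted above, since that record does not contain the string "setenforce". The function name and the second and third sample lines are constructed for illustration; it assumes each record is on a single line, as it is in the log file before mail wrapping.

```shell
#!/bin/sh
# Find SELinux enforcing-mode changes (kernel audit type 1404) in
# syslog/dmesg text, for the case where auditd did not record them.

# Sample input. Line 1 is the record format quoted in the message above;
# lines 2 and 3 are constructed for this example.
sample_log() {
cat <<'EOF'
Jan 15 20:46:14 dhcp231-146 kernel: type=1404 audit(1200447974.622:247): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295
Jan 15 20:47:02 dhcp231-146 kernel: type=1404 audit(1200448022.101:251): enforcing=1 old_enforcing=0 auid=500 ses=3
Jan 15 20:47:30 dhcp231-146 sshd[2101]: Accepted publickey for root
EOF
}

# Read log text on stdin; print one line per mode change:
#   <epoch> <serial> <old mode>-><new mode> auid=<uid|unset>
mac_status_changes() {
    awk '
    /type=1404 / {
        ts = ""; serial = ""; new = ""; old = ""; auid = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^audit\([0-9.]+:[0-9]+\):$/) {
                s = $i
                sub(/^audit\(/, "", s); sub(/\):$/, "", s)
                split(s, p, ":"); ts = p[1]; serial = p[2]
            } else if ($i ~ /^enforcing=/)     { new = substr($i, 11) }
            else if ($i ~ /^old_enforcing=/)   { old = substr($i, 15) }
            else if ($i ~ /^auid=/)            { auid = substr($i, 6) }
        }
        # Skip records that lack either mode field.
        if (new == "" || old == "") next
        # 4294967295 is (uint32)-1: no login uid was set for the task.
        if (auid == "4294967295") auid = "unset"
        m[0] = "permissive"; m[1] = "enforcing"
        printf "%s %s %s->%s auid=%s\n", ts, serial, m[old], m[new], auid
    }'
}

# Stand-alone run over the sample; on a real host pipe in dmesg output
# or /var/log/messages instead.
sample_log | mac_status_changes
```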