auditd failing to start

Steve G linux_4ever at yahoo.com
Thu Mar 20 16:39:42 UTC 2008


>   Thank you for the reply. Current version is audit-1.5.5-7.el5.

OK, I thought you were running something newer from 5.2 beta. This uses the old event dispatcher which doesn't do anything fancy. Maybe you would want to try disabling the dispatcher and see if you are still having a problem. Add a # at the beginning of the line for dispatcher= in /etc/audit/auditd.conf. This will affect setroubleshoot, though.

But I've got to admit that I haven't seen this kind of behavior before for the older software. Do you have auditd.conf set up to send email alerts? Also, AVCs don't tell you the whole story alone. You may need to temporarily add a simple rule like "-w /etc/shadow -p w" to /etc/audit/audit.rules to trigger more detailed information. This sounds like a program that is being run from auditd doesn't have an auto transition and therefore appears as if it were auditd_t.

> Man pages for auditd.conf do not show name_format option. Anyway I tried
> both options name_format = none and name_format = hostname and still
> auditd fails to startup.

Yeah, that's for the newer 5.2 version.

-Steve








More information about the fedora-selinux-list mailing list