audit2allow failure

Gene Heskett gene.heskett at verizon.net
Wed Nov 14 10:29:52 UTC 2007 

Greetings;

Running selinux in permissive mode, the /var/log/audit/audit.log was filling 
up with squawks re cron jobs.  Seeing an example on how to run audit2allow, I 
thought I'd try it to see if that would shut the muttering up.

[root at coyote ~]# audit2allow -M local -i /var/log/audit/audit.log
compilation failed:
(unknown source)::ERROR 'syntax error' at token '' on line 6:


/usr/bin/checkmodule:  error(s) encountered while parsing configuration
/usr/bin/checkmodule:  loading policy configuration from local.te

I can't see anything different about line 6 of the log, but here is a head of 
that file:

type=USER_ACCT msg=audit(1193734801.287:27922): user pid=11880 uid=0 
auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" 
(hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1193734801.288:27923): user pid=11880 uid=0 
auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" 
(hostname=?, addr=?, terminal=cron res=success)'
type=USER_START msg=audit(1193734801.288:27924): user pid=11880 uid=0 
auid=4294967295 msg='PAM: session open acct=root : exe="/usr/sbin/crond" 
(hostname=?, addr=?, terminal=cron res=success)'
type=CRED_DISP msg=audit(1193734801.312:27925): user pid=11880 uid=0 
auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" 
(hostname=?, addr=?, terminal=cron res=success)'
type=USER_END msg=audit(1193734801.312:27926): user pid=11880 uid=0 
auid=4294967295 msg='PAM: session close acct=root : exe="/usr/sbin/crond" 
(hostname=?, addr=?, terminal=cron res=success)'
type=USER_ACCT msg=audit(1193734861.316:27927): user pid=11969 uid=0 
auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" 
(hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1193734861.316:27928): user pid=11969 uid=0 
auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" 
(hostname=?, addr=?, terminal=cron res=success)'


contents of local.te:
------
module local 1.0;



EOF
------

The example command line shown above is I assume is correct, is it not?

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Operative (to Mal): "You can not make me angry."

Inara: "Please - spend an hour with him!"
				--"Serenity"

More information about the fedora-selinux-list mailing list