Selinux Audit "Unmatched Entries"?
Daniel J Walsh
dwalsh at redhat.com
Thu Jul 30 14:05:52 UTC 2009
On 07/30/2009 04:49 AM, Frank Murphy wrote:
> Waht does all this mean from logwatch,
> What are in plain speak unmatched entries?
>
>
> --------------------- Selinux Audit Begin ------------------------
>
> Number of audit daemon starts: 5
>
> Number of audit daemon stops: 6
>
> **Unmatched Entries**
> audit(1248863231.539:55834): auid=4294967295 ses=4294967295
> subj=system_u:system_r:readahead_t:s0 op=remove rule key=(null) list=2
> res=1
> audit(1248863231.539:55835): audit_enabled=0 old=1 auid=4294967295
> ses=4294967295 subj=system_u:system_r:readahead_t:s0 res=1
> audit(1248865986.300:28653): auid=4294967295 ses=4294967295
> subj=system_u:system_r:readahead_t:s0 op=remove rule key=(null) list=2
> res=1
> audit(1248865986.300:28654): audit_enabled=0 old=1 auid=4294967295
> ses=4294967295 subj=system_u:system_r:readahead_t:s0 res=1
> audit(1248867118.172:28695): auid=4294967295 ses=4294967295
> subj=system_u:system_r:readahead_t:s0 op=remove rule key=(null) list=2
> res=1
> audit(1248867118.172:28696): audit_enabled=0 old=1 auid=4294967295
> ses=4294967295 subj=system_u:system_r:readahead_t:s0 res=1
> config change requested by pid=9598 auid=500
> subj=unconfined_u:system_r:initrc_t:s0
> audit(1248871767.418:3339) config changed, auid=500 pid=9598
> subj=unconfined_u:system_r:initrc_t:s0 res=success
>
> ---------------------- Selinux Audit End -------------------------
>
These are audit messages, not SELinux AVC messages or any kind of SELinux message.
More information about the fedora-selinux-list
mailing list