check_second_connection stopping my recovery?
Steve Grubb
sgrubb at redhat.com
Tue Dec 1 18:10:24 UTC 2009
On Wednesday 18 November 2009 06:01:10 pm LC Bruzenak wrote:
> It appears to me as though the new connection code in auditd-listen.c
> is stopping my recovery actions.
<snip>
> So it appears to me that this is now prohibited. Was this intentional?
Yes, it was. With the reconnect code its possible to DoS a server, so the
connections need to be limited. I think the best solution is to make an admin
tweakable setting that defaults to 1 and you can set it to 2. Your recovery
technique won't be needed in the long term since its planned to have a store-
and-forward model so nothing is lost and its automatically recovered on start
up.
-Steve
More information about the Linux-audit
mailing list