Too many failed open syscalls

Steve M. Zak smzak at faac.com
Wed Feb 9 17:09:50 UTC 2011


Hi,

audit-2.0.6 sounds interesting.

We have been having an issue that got much worse just recently where the audits based on nispom.rules are generating millions of failed "open" syscall events.

In the past I saw failed opens for the lock files under /usr/lib64/qt-3.3/etc/settings/... This seems to be related to KDE and maybe KDevelop. The number of events was manageable.

gdb is now asking for many files under /usr/local/gcc441/...  and under a home directory where gcc was configured where users have read permissions.  Does this seem like an audit issue or a gcc/gdb issue?  I can filter the audit.log, but 1GB of audit logs a day is too much.

Any help would be appreciated!

Thanks!


____________________________________________
Steve M. Zak
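
A triage sketch for the situation described in the message above, added here as an example and not part of the original post: it tallies failed open records from audit.log text by executable and errno, so the noisiest program and the kind of failure (missing file versus permission denial) are visible before any rule is changed. The sample records, the key name and the executable paths are constructed.

```python
import errno
import re
from collections import Counter

# (arch, syscall number) pairs for open(2): x86_64 and i386.
OPEN_SYSCALLS = {("c000003e", "2"), ("40000003", "5")}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records in audit.log format (not from the original post).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1297271390.101:5001): arch=c000003e syscall=2 success=no exit=-2 a0=7fff10 a1=0 items=1 ppid=4100 pid=4242 auid=500 uid=500 comm="gdb" exe="/usr/bin/gdb" key="open"
type=PATH msg=audit(1297271390.101:5001): item=0 name="/usr/local/gcc441/example.h"
type=SYSCALL msg=audit(1297271390.102:5002): arch=c000003e syscall=2 success=no exit=-2 a0=7fff20 a1=0 items=1 ppid=4100 pid=4242 auid=500 uid=500 comm="gdb" exe="/usr/bin/gdb" key="open"
type=SYSCALL msg=audit(1297271390.103:5003): arch=c000003e syscall=2 success=no exit=-2 a0=7fff30 a1=0 items=1 ppid=4100 pid=4242 auid=500 uid=500 comm="gdb" exe="/usr/bin/gdb" key="open"
type=SYSCALL msg=audit(1297271391.200:5004): arch=c000003e syscall=2 success=no exit=-13 a0=7fff40 a1=0 items=1 ppid=3900 pid=4300 auid=501 uid=501 comm="kdevelop" exe="/usr/bin/kdevelop" key="open"
type=SYSCALL msg=audit(1297271391.300:5005): arch=c000003e syscall=2 success=yes exit=3 a0=7fff50 a1=0 items=1 ppid=3900 pid=4300 auid=501 uid=501 comm="kdevelop" exe="/usr/bin/kdevelop" key="open"
type=SYSCALL msg=audit(1297271391.400:5006): arch=c000003e syscall=21 success=no exit=-2 a0=7fff60 a1=0 items=1 ppid=3900 pid=4300 auid=501 uid=501 comm="kdevelop" exe="/usr/bin/kdevelop" key="access"
"""


def failed_open_summary(log_text):
    """Count failed open(2) SYSCALL records, keyed by (exe, errno name)."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.startswith("type=SYSCALL"):
            continue  # PATH, CWD and other record types carry no exit code
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        if (fields.get("arch"), fields.get("syscall")) not in OPEN_SYSCALLS:
            continue  # some other syscall
        if fields.get("success") != "no":
            continue  # only failures are of interest here
        code = -int(fields.get("exit", "0"))  # the kernel logs exit as -errno
        name = errno.errorcode.get(code, str(code))
        counts[(fields.get("exe", "?"), name)] += 1
    return counts


if __name__ == "__main__":
    # Print the noisiest (exe, errno) pairs first.
    for (exe, err), n in failed_open_summary(SAMPLE_LOG).most_common():
        print(f"{n:8d}  {err:8s}  {exe}")
```

To run it on real data, pass the contents of the audit log file to `failed_open_summary` in place of `SAMPLE_LOG`.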




