I'd like to turn auditd off but...

Stephen John Smoogen smooge at gmail.com
Tue Nov 22 01:12:57 UTC 2011


On 21 November 2011 18:04, Brian Ross <Brian.Ross at asggroup.com.au> wrote:

>  I have a client who is still running RHEL3.  Over the last 12 months the
> auditd process has become steadily more and more intrusive and causing
> problems.   I have attempted to turn it off but whenever I do so, suddenly
> SSH logins stop working.
>
> At the moment the only way I have to manage the auditd process is to
> regularly delete the 2+GB of log files it creates every 4 hours.   Can
> anybody tell me how to turn it off without affecting other things?
>
>

I would say that your user has other problems that need to be addressed
before you can turn off audit.

1) Audit doesn't have anything to do with sshd that I can remember in
RHEL-3. So if one is turning off the other... then I would start looking at
a compromised system.
2) 2GB every 4 hours means there is something really wrong. Again I would
say it's either a compromised system or a hardware issue.

-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren