Displaying 20 results from an estimated 151 matches for "auditd".
Did you mean:
audit
2009 Jun 02
1
how to disable lots of auditd messages?
hello all.
My system is centos 5.x and there is no module related auditd
there is no process(daemon) related auditd and selinux definately disabled.
But I can see lots of auditd messages like below.
Oct 20 02:01:01 linux kernel: type=1106 audit(1224435661.064:65210): user pid=25860 uid=0 auid=0 msg='PAM: session close acct="root" : exe="/usr/sbin...
2009 Dec 11
1
Auditd fails to start : Connection refused
Greetings:
i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end:
config_manager init complete
Error setting audit daemon pid (Connection refused)
type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
Unable to set audit pid, exiting
The audit daemon is...
2011 Jun 01
3
puppet and environments ... need help
...0 -0500
+++ /tmp/puppet-file20110601-30205-h9qyn0-0 2011-06-01
13:27:44.471940710 -0500
@@ -12,4 +12,5 @@
# Feel free to add below this line. See auditctl man page
--w /etc/syslog-ng/syslog-ng.conf
\ No newline at end of file
+-w /etc/syslog-ng/syslog-ng.conf
+# beta
notice: /Stage[main]/Common::Auditd/File[audit.rules]/content:
current_value {md5}6a01ac645e8aed5a4f0f5c165815dc78, should be {md5}
197364e2ca6f10b9ec4d73168eabe7c6 (noop)
info: /Stage[main]/Common::Auditd/File[audit.rules]: Scheduling
refresh of Service[auditd]
notice: /Stage[main]/Common::Auditd/Service[auditd]: Would have
triggere...
2010 Apr 02
0
Watching a file using auditd
Hi,
I am using auditd to monitor files for changes (read and write actually).
I found that when auditd is running, it will correctly report files that are read, but will not report changes to a file that is being monitored.
But if I stop auditd and load audit rules using auditctl, it will work as expected.
Here's t...
2009 Aug 25
1
logcheck vs auditd
Hello,
I was just looking into parsing some various logs to get notified when my
application is not behaving correctly. Logcheck seems like the right tool
but then I also notice auditd which is another log monitoring/reporting
tool. Can someone explain if these two tools serve similar purposes or do
they each have a different purpose? I've done a bit of reading but figure
someone here knows more.
Thanks for your insight.,
Milan
-------------- next part --------------
An...
2004 Jul 22
2
Potential Patch
...ain tree.
Additionally, the more of this that gets into the main tree the easier
upgrades become for us, which is always a plus.
So if you would be willing to put the following changes into the main tree, I
will clean up my patch to 3.8p1 and send it in. Feed back welcome:
Changes:
1. Solaris BSM/Auditd supprt
This is properly ifdef'd out, and I added support in the autoconf stuff to
only enable it in Solaris. For those unfamiliar there is a special logging
system you can optionally enable in solaris that logs every occurance of a
certain (definable) subset of system calls. It has a kernel cou...
2015 Jul 23
2
rsyslog.conf
...ying to deal with the hourly logs from the
> loghost. We've got 170+ servers and workstations... but a *very* large
> percentage of what's showing up is from his bloody new fedora 22, with its
> idiot systemd logging of *ever* selinux message to /var/log/messages.
systemctl enable auditd
systemctl start auditd
Now your SELinux (and other audit) logs are going to
/var/log/audit/audit.log.
--
Jonathan Billings <billings at negate.org>
2020 Sep 14
0
Auditd NETFILTER_PKT record missing src port, dst port
Dear team
The auditd log for NETFILTER_PKT event does not contain the src port ,
desination port , in and out interface .
Has it been removed permanently (
https://patchwork.kernel.org/patch/9638183/)
or can it be enabled by some configuration by auditctl ?
centos version : CentOS Linux release 7.6.1810 (C...
2010 Jun 27
0
Stop auditd logging all commands
Hello everyone,
I have this box where auditd is logging every command typed on the system
onto: /var/log/audit/audit.log
Every line looks like:
type=USER_TTY msg=audit msg=audit(124433....<snip> msg="command here" ...
The strange thing is that I have other similar boxes and I don't see this
behavior. I don't see a...
2011 Jan 18
0
OT: Some examples about using auditd
Hi all,
I need to do some tests about auditd funcionalities on two CentOS5.5 hosts. I need
to audit when user executes sudo command, when system files are modified, when some
process call to some system calls, when kernel semaphores are modified, etc.
I see some examples on /usr/shae/doc/audit-x.x.x, but I will know if someone has
more...
2005 Jun 02
0
auditd logs
I've noticed my disk space filling up rapidy on my mail server, I
noticed that /var/log/audit.d is using 2.1 G. Is it safe to remove
those log files?
2004 Dec 13
1
Status of Sun BSM/Auditd Support ?
Hey folks,
About a year ago it was pointed out to me there was BSM support in CVS that
would hopefully make it into a release soon. I had a look over it and it looks
like it covers everything (it certainly covers more than the 3 or 4 things we
do here at USC).
So I'm wondering what the status of that is? Is it planned for a release soon?
Are there issues with it? This is a really big feature
2011 Nov 10
3
Misterious hang
Hi all,
Recently one my Centos 5.7 VM just crashes at least once a day randomly (hang).
In /var/log/messages there is nothing at all that there is problem (no
error, no failure). The log just stops.
The only change I did before this crashes is I activated LDAP
authentication, and also auditd. But I don't see any evidence relating
to it.
Any clue where to look for the cause?
Thank you.
Fajar
2006 Jun 05
0
Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS (fwd)
...now assume that IP addresses and ports are provided
in network byte order. APIs now generally provide these types in
network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and
error information.
- Support for audit filters introduced: audit filters are dynamically
loaded shared objects that run in the context of a new daemon,
auditfilterd. The daemon reads from an audit pipe and feeds both...
2015 Jan 23
2
find out who accessed a file
On Fri, January 23, 2015 3:13 pm, Jonathan Billings wrote:
> On Fri, Jan 23, 2015 at 03:50:44PM -0500, Tim Dunphy wrote:
>> Is there any way to find out the last user to access a file on a CentOS
>> 6.5 system?
>
> Unless you're using auditd (or a similar service) to watch the file,
> no. You could probably use the logs and `last` to see who was logged
> in at the time and make a guess.
>
Also, you can look into shell history files (though that might be cleaned
by users). Admin is allowed to do that when investigates inciden...
2015 Jul 23
0
rsyslog.conf
...ogs from the
>> loghost. We've got 170+ servers and workstations... but a *very* large
>> percentage of what's showing up is from his bloody new fedora 22, with
>> its
>> idiot systemd logging of *ever* selinux message to /var/log/messages.
>
> systemctl enable auditd
> systemctl start auditd
>
> Now your SELinux (and other audit) logs are going to
> /var/log/audit/audit.log.
Um, no. That was where I started this thread - my manager updated his
fedora box from 20 to 22, and there's a bug about it
<https://bugzilla.redhat.com/show_bug.cgi?id=1...
2013 Apr 30
0
httpd writes much to /var? How to audit it properly?
...l6.centos.plus.x86_64
CentOS release 6.3 (Final)
>From time to time (it happenes on different machines) I have a very high
load up to 100, and I see that there are up to 300/s writes to /var at the
same time. Apache restart solves the problem. I would like to know the
reason so I decided to use auditd.
I've used:
auditctl -w /var -p warx
And for example:
ausearch -f /var -i -ts 04/29/2013 23:00:00 -te 04/29/2013 23:01:00 -ua
11111 | grep 'syscall=open' | wc -l
gives me "5" but in my monitoring I see that there were up to 300 writes
per second to /var at the same moment (...
2007 Sep 03
1
Linux User Auditing
Is it possible to audit the Linux User Shell? I am trying to gather what
commands a user is running no our systems.
Can auditd handle this?
TIA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20070903/3d4d491d/attachment.html>
2016 Oct 26
4
Anyone know anything about slurm on CentOS 7?
The recently-left programmer did *something*, and he didn't know what, and
the guy who picked it up is working with me to find out why
/var/log/messages is getting flooded with
Oct 26 11:01:06 <servername> kernel: type=1105
audit(1477494066.569:642430): pid=108551 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0
msg='op=PAM:session_open
2011 May 30
0
logcheck rules submission
Hi,
please add the following rule to the logcheck database:
For package/daemon auditd:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ auditd\[[[:digit:]]+\]: Audit daemon rotating log files$
Log line as system event:
May 31 11:41:11 localhost auditd[2594]: Audit daemon rotating log files
Regards
Till