Bug 177321
Summary: | audit daemon off, continued errors in /var/log/cron log | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Tom O'Brien <tom.obrien> |
Component: | vixie-cron | Assignee: | Marcela Mašláňová <mmaslano> |
Status: | CLOSED DEFERRED | QA Contact: | Brock Organ <borgan> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.0 | CC: | tom.obrien |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-10-30 09:50:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tom O'Brien
2006-01-09 16:34:29 UTC
I'm not able to reproduce this problem here, ie. seeing the log message: 'LAuS error - do_command.c:182 - laus_log: (19) laus_log: No such device '. The issue would appear to be with the kernel support for the /dev/audit file, which gets created during the initial installation of the laus package, with: # /bin/mknod /dev/audit c 10 224 and is supported in the kernel by the audit module. The 'audit' module must be installed, otherwise I/O operations on this file will fail with errno set to ENODEV (19) : 'No such device' - ie. the command # lsmod | grep audit should find the audit module. If the main crond process has succeeded in the initial open of /dev/audit, (LAuS auditing is enabled), each cron job child process attempts to do LAuS logging ioctls to the file descriptor for this file. So what appears to have happened to your servers is that the main crond process initially succeeded in opening /dev/audit, so LAuS logging is enabled in the main crond process, but then the 'audit' kernel module was removed, so that subsequent writes by crond child processes fail, and the 'laus_log: No such device' message is generated. But I am unable to get a system into the state of any process having open file descriptors to the audit device, and then being able to uninstall the audit module. The logging of this error message: 'LAuS error - do_command.c:182 - laus_log: (19) laus_log: No such device' should disappear after restarting crond or rebooting the machine. Please supply some further information: 1. On the systems where the problem occurs, is the audit module installed ? If not, does just doing an # modprobe audit stop the log messages being generated ? 2. Does restarting crond fix the problem ? (crond should have been restarted during upgrade - if not, this could be the cause of this bug - but I've not been able to reproduce this either). 3. Does the problem persist after rebooting the machine ? 4. What version of the kernel are you running ? Several bugs with the laus/audit modules in the kernel were fixed, and you'd be advised to upgrade to the latest kernel-2.4.21-37.EL in RHEL-3-U6 . Answers to the questions: 1. The audit module is installed (stock kernel) - lsmod | grep audit returns an answer (see eg) [root@customer1 root]# lsmod | grep audit audit 90744 2 - doing a modprobe audit had no effect on the cron logging problem 2. Restarting the cron daemon has no effect on the logging problem either 3. After a reboot, the logging stops 4. We're running a post U4 kernel (but will not upgrade to U6 until March) 2.4.21-27.0.2.ELsmp We're not removing the audit module; if we did, wouldn't we have to do so every time we upgrade kernels? The module is installed by default in RHEL, correct? Hello, sorry for not replying so long. Did you update to the latest-kernel? And have you still problems? It sounds to me like problem non related to cron. This problem will be resolved in a future major release of Red Hat Enterprise Linux. Red Hat does not currently plan to provide a resolution for this in a Red Hat Enterprise Linux update for currently deployed systems. |