Bug 246616
Summary: | Strange audit messages | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Joshua Covington <joshuacov> | ||||||||||||
Component: | seedit | Assignee: | Yuichi Nakamura <ynakam> | ||||||||||||
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||
Severity: | medium | Docs Contact: | |||||||||||||
Priority: | low | ||||||||||||||
Version: | 7 | ||||||||||||||
Target Milestone: | --- | ||||||||||||||
Target Release: | --- | ||||||||||||||
Hardware: | i686 | ||||||||||||||
OS: | Linux | ||||||||||||||
Whiteboard: | |||||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||
Clone Of: | Environment: | ||||||||||||||
Last Closed: | 2007-07-11 01:34:56 UTC | Type: | --- | ||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||
Documentation: | --- | CRM: | |||||||||||||
Verified Versions: | Category: | --- | |||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
Embargoed: | |||||||||||||||
Attachments: |
|
Description
Joshua Covington
2007-07-03 13:21:48 UTC
Hi. There may be extra entries in audit.conf. Can you tell me the contents of /etc/audit.conf ? Created attachment 158585 [details]
found in /var/log/audit/
Created attachment 158586 [details]
found in /var/log/audit/
Created attachment 158587 [details]
found in /etc/audit/
Created attachment 158589 [details]
found in /etc/audit/
Created attachment 158590 [details]
found in /etc/
theses are the files that I found but no /etc/audit.conf. When I looked in them there is nothing unusuall for me. another user has this problem, too. here: http://forums.fedoraforum.org/showthread.php?t=159800 What happens you delete following from audit.rules, and restart audit service? -a exit,always -S chroot -a exit,always -S chdir -F obj_type=dhclient_t -a exit,always -S chdir -F obj_type=sendmail_t -a exit,always -S chdir -F obj_type=mcstransd_t -a exit,always -S chdir -F obj_type=sshd_t -a exit,always -S chdir -F obj_type=ntpd_t -a exit,always -S chdir -F obj_type=samba_t -a exit,always -S chdir -F obj_type=named_t -a exit,always -S chdir -F obj_type=klogd_t -a exit,always -S chdir -F obj_type=crond_t -a exit,always -S chdir -F obj_type=httpd_t -a exit,always -S chdir -F obj_type=auditd_t -a exit,always -S chdir -F obj_type=portmap_t -a exit,always -S chdir -F obj_type=syslogd_t ok, after deleting these rules and restarting the service i've got no more messages. actually just one but i think it is from the audit service itself and it reports that the service has exited or something like this. actually i had a similar message before installing seedit. the message is: -------------------- Jul 6 20:07:42 localhost auditd[1753]: The audit daemon is exiting. Jul 6 20:07:42 localhost audispd[1755]: input read: EOF Jul 6 20:07:42 localhost kernel: audit(1183745262.457:277): audit_pid=0 old=1753 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 -------------------- as of this i think this problem has been fixed. By thy way how all these rules have been added to the rules.conf? I haven't made any manuall changes to these files. ... -a exit,always -S chdir -F obj_type=dhclient_t .... are added by seedit when converting policy. These entries are necessary for seedit's policy generating component to obtain full path information from audit.log. And I fixed seedit to remove these entries from audit.rules when uninstalling seedit. I applied the change to svn.sourceforge.net/svnroot/seedit. I think fixed seedit will be uploaded also to fedora in near future. Thanks alot about this! terefore I love fedora! ok, the problem has been fixed (credit should go to Yuichi Nakamura) but when i installed the seedit for the first time there was something strange. it made me reboot and on the reboot there was a relabelling with the seedit policy. after this a automatic restart and then lots of services wouldn't start because of problems. So i restarted in interective startup and didn't start the failed services. then uninstalled the seedit, restart, relabel with the target-policy and the messages appeared. So in my opinion seedit shouldn't automatic relable and should be more compatible with the other processes. But I cannot exactly remember what errors appered because it was for about 2 weeks. :( maybe this can help for a more user-friendly policy editor. Thanks for report.
> after this a automatic restart and then lots of services wouldn't start
> because of problems.
It is strange.
In F7, seedit is not tested well, I have to test in F7 more.
|