Mailinglist Archive: opensuse-factory (297 mails)
| < Previous | Next > |
[opensuse-factory] 10.2 audit problem
- From: Sid Boyce <sboyce@xxxxxxxxxxxxxxxx>
- Date: Thu, 11 Jan 2007 16:47:33 +0000
- Message-id: <45A66A25.4050008@xxxxxxxxxxxxxxxx>
Just on one of my x86_64 boxes when booted straight into runlevel 5
auditd fails to allow Xorg to run. Going into init 3 as root and issuing
init 5, no problem. Information below is after I've done init 5 as root.
No such problem on the other boxes where /etc/auditd.conf is the same.
From /var/log/audit/audit.log earlier.
AUDIT: Fri Dec 8 15:39:53 2006: 13077 Xorg: client 7 rejected from local host (uid 1000)
AUDIT: Fri Dec 8 15:39:53 2006: 13077 Xorg: client 7 rejected from local host (uid 1000)
Warning: you haven't set a global default!
From /var/log/Xorg.0.log.old
/var/log/Xorg.0.log.old:AUDIT: Thu Jan 11 11:37:02 2007: 4017 Xorg: client 7 rejected from local host (uid 1000)
/var/log/Xorg.0.log.old:AUDIT: Thu Jan 11 11:37:02 2007: 4017 Xorg: client 7 rejected from local host (uid 1000)
# o /etc/auditd.conf
#
# This file controls the configuration of the audit daemon
#
log_file = /var/log/audit/audit.log
log_format = RAW
priority_boost = 3
flush = INCREMENTAL
freq = 20
num_logs = 4
dispatcher = /usr/sbin/audispd
DISP_qos = lossy
max_log_file = 5
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
# o /etc/audit.rules
# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.
# First rule - delete all
-D
# Feel free to add below this line. See auditctl man page
# Increase the buffers to survive stress events
-b 256
# l /usr/bin/Xorg
-rws--x--x 1 root root 1762208 2006-11-28 17:01 /usr/bin/Xorg*
# auditctl -l
LIST_RULES: exit,always success!=0 syscall=open
LIST_RULES: exit,always auid=1000 (0x3e8) syscall=open
Regards
Sid.
--
Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot
Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach
Microsoft Windows Free Zone - Linux used for all Computing Tasks
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
From /var/log/audit/audit.log earlier.
AUDIT: Fri Dec 8 15:39:53 2006: 13077 Xorg: client 7 rejected from local host (uid 1000)
AUDIT: Fri Dec 8 15:39:53 2006: 13077 Xorg: client 7 rejected from local host (uid 1000)
Warning: you haven't set a global default!
From /var/log/Xorg.0.log.old
/var/log/Xorg.0.log.old:AUDIT: Thu Jan 11 11:37:02 2007: 4017 Xorg: client 7 rejected from local host (uid 1000)
/var/log/Xorg.0.log.old:AUDIT: Thu Jan 11 11:37:02 2007: 4017 Xorg: client 7 rejected from local host (uid 1000)
# o /etc/auditd.conf
#
# This file controls the configuration of the audit daemon
#
log_file = /var/log/audit/audit.log
log_format = RAW
priority_boost = 3
flush = INCREMENTAL
freq = 20
num_logs = 4
dispatcher = /usr/sbin/audispd
DISP_qos = lossy
max_log_file = 5
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
# o /etc/audit.rules
# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.
# First rule - delete all
-D
# Feel free to add below this line. See auditctl man page
# Increase the buffers to survive stress events
-b 256
# l /usr/bin/Xorg
-rws--x--x 1 root root 1762208 2006-11-28 17:01 /usr/bin/Xorg*
# auditctl -l
LIST_RULES: exit,always success!=0 syscall=open
LIST_RULES: exit,always auid=1000 (0x3e8) syscall=open
Regards
Sid.
--
Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot
Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach
Microsoft Windows Free Zone - Linux used for all Computing Tasks
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |