Hello, Am Mittwoch, 20. August 2014 schrieb pinguin74:
Any hints on that?
I really don´t want to create profiles completely manually....
Have you made sure apparmor and auditd are running, i.e. systemctl status apparmor.service and systemctl status auditd.service?
Yes, I found out, auditd wasn´t running. I wonder why they don´t start it by default since AA needs it...
Technically, auditd isn't needed - syslog also works (but auditd has some advantages). The problem in your case is that you had auditd running in the past. aa-genprof and aa-logprof check if /var/log/audit/audit.log exists. If yes, they read it. Otherwise they automatically fall back to /var/log/messages. You can force aa-logprof and aa-genprof to a specific logfile by using -f /var/log/messages as parameter. Regards, Christian Boltz -- Weißt Du, man soll ja eigentlich keine Leute auf öffentlichen Mailinglisten beschimpfen, sie kratzen oder ihnen Tiernamen geben. Aber die traumwandlerische Sicherheit, mit der Du den relevanten Teil des Logs weggeschnitten hast, ist schon beeindruckend. Also, Du Hängebauchschwein, fühl Dich beschimpft und gekratzt ;-) [Stefan Förster in postfixbuch-users] -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org