Hi,
is it possible to suppress success messages like:
audit(1150460352.961:685): user pid=10323 uid=500 auid=500 msg='PAM:
setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0
res=success)'
audit(1150460352.961:686): user pid=10323 uid=500 auid=500 msg='PAM:
session close acct=root : exe="/bin/su" (hostname=?, addr=?,
terminal=pts/0 res=success)'
audit(1150462861.629:687): user pid=10507 uid=0 auid=4294967295
msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
audit(1150462861.629:688): login pid=10507 uid=0 old auid=4294967295
new auid=0
audit(1150462861.629:689): user pid=10507 uid=0 auid=0 msg='PAM:
session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
audit(1150465564.666:694): login pid=10695 uid=0 old auid=4294967295
new auid=500
audit(1150465564.666:695): user pid=10695 uid=0 auid=500 msg='PAM:
session open acct=foobar : exe="/usr/sbin/
sshd" (hostname=2001:6f8:1294:1::3, addr=?, terminal=ssh res=success)'
Everytime someone uses 'su' or newrole or ... a audit message is
created. This spams my logfiles so I would like to turn such "success
messages" of. I'm using FC5 with latest updates and selinux-policy-mls.
Best regards,
Stefan
Attachments:
- PGP.sig
(application/pgp-signature — 186 bytes)
Show replies by date
This spams my logfiles so I would like to turn such "success
messages" off.
There's no way to turn them off. The 2.6.17 kernel will have the ability to
dismiss whole message types, but not filter based on success or failure. I'd
suggest installing the audit daemon to keep all audit messages out of your
syslogs.
-Steve
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com