Hi,
is it possible to suppress success messages like:
audit(1150460352.961:685): user pid=10323 uid=500 auid=500 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)'
audit(1150460352.961:686): user pid=10323 uid=500 auid=500 msg='PAM: session close acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)'
audit(1150462861.629:687): user pid=10507 uid=0 auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
audit(1150462861.629:688): login pid=10507 uid=0 old auid=4294967295 new auid=0
audit(1150462861.629:689): user pid=10507 uid=0 auid=0 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
audit(1150465564.666:694): login pid=10695 uid=0 old auid=4294967295 new auid=500
audit(1150465564.666:695): user pid=10695 uid=0 auid=500 msg='PAM: session open acct=foobar : exe="/usr/sbin/ sshd" (hostname=2001:6f8:1294:1::3, addr=?, terminal=ssh res=success)'
Every time someone uses 'su' or newrole or ... an audit message is created. This spams my logfiles so I would like to turn such "success messages" off. I'm using FC5 with latest updates and selinux-policy-mls.
Best regards, Stefan
> This spams my logfiles so I would like to turn such "success messages" off.
There's no way to turn them off. The 2.6.17 kernel will have the ability to dismiss whole message types, but not filter based on success or failure. I'd suggest installing the audit daemon to keep all audit messages out of your syslogs.
-Steve
selinux@lists.fedoraproject.org
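Added example, not part of either message above: since the reply says records cannot be filtered by success or failure at the source, this sketch does the filtering on the reading side, leaving the recorded log untouched. It parses records in the format quoted in the question, hides PAM records with res=success while counting them, and always shows login (auid change) records, failures, and anything it cannot parse. The names `parse` and `triage` are hypothetical, and the last sample line is constructed, including its `res=failed` value.

```python
import re
from collections import Counter

# First four lines are copied from the question; the last one is constructed.
SAMPLE = """\
audit(1150460352.961:685): user pid=10323 uid=500 auid=500 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)'
audit(1150460352.961:686): user pid=10323 uid=500 auid=500 msg='PAM: session close acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)'
audit(1150462861.629:687): user pid=10507 uid=0 auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
audit(1150462861.629:688): login pid=10507 uid=0 old auid=4294967295 new auid=0
audit(1150465600.100:696): user pid=10701 uid=0 auid=4294967295 msg='PAM: authentication acct=root : exe="/usr/sbin/sshd" (hostname=?, addr=?, terminal=ssh res=failed)'
"""

# "audit(<epoch>:<serial>): <kind> <rest of record>"
HEADER = re.compile(r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<kind>\w+) (?P<body>.*)")
# PAM payload: operation, target account, executable and result
PAM = re.compile(
    r"""msg='PAM: (?P<op>[\w ]+?) acct=(?P<acct>\S+) : exe="(?P<exe>[^"]+)" \(.*\bres=(?P<res>\w+)\)'"""
)


def parse(line):
    """Return a dict for one audit record, or None if the line is not one."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    pam = PAM.search(rec["body"])
    if pam:
        rec.update(pam.groupdict())
    return rec


def triage(text):
    """Split records into (shown, hidden): hidden counts successes per (exe, op)."""
    shown, hidden = [], Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            if line.strip():
                shown.append({"raw": line})  # never silently drop unparsed lines
        elif rec.get("res") == "success":
            hidden[(rec["exe"], rec["op"])] += 1
        else:
            shown.append(rec)  # failures and records without a res field
    return shown, hidden


if __name__ == "__main__":
    shown, hidden = triage(SAMPLE)
    for rec in shown:
        print(rec.get("raw") or f'{rec["ts"]}:{rec["serial"]} {rec["kind"]} {rec["body"]}')
    for (exe, op), n in sorted(hidden.items()):
        print(f"hidden: {n} x success from {exe} ({op})")
```

Keeping a per-executable count of what was hidden preserves a summary of successful `su` and cron activity for review even when the individual lines are not displayed.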