On Thursday 28 July 2005 8:18 am, Steve G wrote:
> >Tonight, a yum update picked up new versions of audit, audit-libs, and
> >audit-libs-devel. Are these the kinds of patches you're referring to?
>
> Not really. The main thing about this round of updates is that it quietens
> messages that are caused by delete file system watches not being supported
> by current kernels.
>
> We have a reference audit implementation that I work to. We have just begun
> to get the filesystem watch implementation upstream. It was pointed out
> that there is some overlap between inotify and the audit system. So, we are
> trying to create a common framework that both audit and inotify can clip
> into. Then when this gets accepted upstream, Fedora will pick up the new
> kernel and all will be better. This process may take a month.

I need to learn more - I'm afraid you've gone over my head - but thanks. After
the cited round of updates, I got this in my overnight logwatch: is there
anything I need to get worried about?
--------------------- Selinux Audit Begin ------------------------
*** Denials ***
system_u system_u (dir): 22 times
system_u system_u (file): 34 times
system_u system_u (netif): 2 times
system_u system_u (netlink_audit_socket): 1 times
system_u system_u (netlink_route_socket): 1 times
system_u system_u (node): 2 times
system_u system_u (sock_file): 3 times
system_u system_u (tcp_socket): 5 times
system_u system_u (udp_socket): 10 times
system_u user_u (sock_file): 1 times
**Unmatched Entries** (Only first 10 out of 89 are printed)
The audit daemon is exiting.
audit: *NO* daemon at audit_pid=1920
audit(1122440737.973:10895603): arch=40000003 syscall=102 success=no
exit=-22 a0=b a1=bf909cc0 a2=80510f8 a3=0 items=0 pid=17997 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl"
exe="/sbin/auditctl"
audit(1122440737.973:10895603): saddr=100000000000000000000000
audit(1122440737.973:10895603): nargs=6 a0=3 a1=bf90be1c a2=10 a3=0
a4=bf90dfb8 a5=c
audit(1122440738.074:10895623): SELinux: unrecognized netlink message
type=1009 for sclass=49
audit(1122440738.074:10895623): arch=40000003 syscall=102 success=no
exit=-22 a0=b a1=bf909ca0 a2=80510f8 a3=0 items=0 pid=17997 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl"
exe="/sbin/auditctl"
audit(1122440738.074:10895623): saddr=100000000000000000000000
audit(1122440738.074:10895623): nargs=6 a0=3 a1=bf90bdfc a2=10 a3=0
a4=bf90df98 a5=c
Init complete, auditd 0.9.15 listening for events
---------------------- Selinux Audit End -------------------------
--------------------- Cron Begin ------------------------
**Unmatched Entries**
ENTRYPOINT FAILED but SELinux in permissive mode, continuing (/etc/crontab)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mrtg)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/sysstat)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mailman)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing (/etc/crontab)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mrtg)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/sysstat)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mailman)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing (/etc/crontab)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mrtg)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/sysstat)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mailman)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing (/etc/crontab)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mrtg)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/sysstat)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mailman)
---------------------- Cron End -------------------------
--
Claude Jones
Bluemont, VA, USA
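
Added example, not part of the original message or of the audit project's code: a small Python decoder for the audit records in the logwatch output above, which groups records by event serial and translates the numeric fields. The function names are hypothetical, the sample is one event copied from the post with its wrapped lines rejoined, and the lookup tables are deliberately partial; it relies on syscall 102 being socketcall on i386 (arch=40000003).

```python
import errno
import re
from collections import defaultdict

# One event copied from the logwatch output above, wrapped lines rejoined.
SAMPLE = """\
audit(1122440738.074:10895623): SELinux: unrecognized netlink message type=1009 for sclass=49
audit(1122440738.074:10895623): arch=40000003 syscall=102 success=no exit=-22 a0=b a1=bf909ca0 a2=80510f8 a3=0 items=0 pid=17997 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
audit(1122440738.074:10895623): saddr=100000000000000000000000
audit(1122440738.074:10895623): nargs=6 a0=3 a1=bf90bdfc a2=10 a3=0 a4=bf90df98 a5=c
"""

HEADER = re.compile(r'audit\((\d+\.\d+):(\d+)\): (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Partial table of Linux socketcall(2) sub-call numbers.
SOCKETCALL = {1: 'socket', 2: 'bind', 3: 'connect', 9: 'send', 11: 'sendto', 16: 'sendmsg'}
FAMILY = {1: 'AF_UNIX', 2: 'AF_INET', 16: 'AF_NETLINK'}
AUID_UNSET = 4294967295  # (uid_t)-1: no login uid was set for this process

def group_events(text):
    """Map event serial -> list of field dicts, one dict per record."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events[m.group(2)].append(dict(FIELD.findall(m.group(3))))
    return dict(events)

def summarize(records):
    """Decode the syscall, sockaddr and SELinux records of one event."""
    out = {}
    for rec in records:
        if 'syscall' in rec:
            out['comm'] = rec['comm'].strip('"')
            out['errno'] = errno.errorcode.get(-int(rec['exit']), rec['exit'])
            out['login_uid_set'] = int(rec['auid']) != AUID_UNSET
            if rec['arch'] == '40000003' and rec['syscall'] == '102':  # i386 socketcall
                out['call'] = SOCKETCALL.get(int(rec['a0'], 16), 'socketcall?')
        elif 'saddr' in rec:
            # sa_family is the first two bytes, little-endian on i386
            fam = int.from_bytes(bytes.fromhex(rec['saddr'][:4]), 'little')
            out['family'] = FAMILY.get(fam, fam)
        elif 'sclass' in rec:
            out['nlmsg_type'] = int(rec['type'])
    return out

if __name__ == '__main__':
    for serial, recs in group_events(SAMPLE).items():
        print(serial, summarize(recs))
```

For this event the decoder reports a sendto() on an AF_NETLINK socket by auditctl that the kernel rejected with EINVAL.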