I run the 4.11 kernels on F25. For the last couple of kernels I've
compiled, they constantly write messages from auditd to the virtual
consoles. Working away, and suddenly 10 lines of output appear and
overwrite the console.
The auditd libraries and binaries were also upgraded a couple
times around the time that this started happening, so I'm not sure which
of the two caused this, the kernel or auditd.
I mention it here because the 4.11 kernel is a release kernel now, and
will likely be coming to F25 at some point. If it does, you can try
the below workaround.
Add the following line to the end of /etc/audit/rules.d/audit.rules:

    -a never,exit -S all -F res=success

This isn't a very good thing to do if you are running a server, because
successful system calls can be useful for finding intrusions and
problems. But I don't have any internet-facing services, so I'm not
really interested in these. I no longer have the messages appearing in
the virtual consoles.
Of course you can just comment out the

    -a task,never

line, and there will be no rules, and thus no messages, because the -D
erases them.
Here's a link to some rules that seem practical for standalone
computers.
https://security.stackexchange.com/questions/4629/simple-example-auditd-c...
The last comment there is pertinent. I am not an expert, so take my
advice with a grain of salt.
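
A check to run against audit rule files when applying a workaround like the one above, added here as an example and not part of the original post: it lists active rules that switch off auditing wholesale, namely `never` rules combined with `-S all` and `task,never` rules. The function names and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report audit rules that suppress events wholesale.
# Prints "file:line: rule" for every active (uncommented) rule that
#   - uses the "never" action together with "-S all", or
#   - is a "task,never" rule (no syscall auditing for new tasks).
find_blanket_never_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        {
            action = ""; all_syscalls = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-a") action = $(i + 1)
                if ($i == "-S" && $(i + 1) == "all") all_syscalls = 1
            }
            # The -a argument is a "list,action" pair in either order.
            n = split(action, part, ",")
            never = 0; task = 0
            for (j = 1; j <= n; j++) {
                if (part[j] == "never") never = 1
                if (part[j] == "task")  task = 1
            }
            if (never && (task || all_syscalls))
                printf "%s:%d: %s\n", FILENAME, FNR, $0
        }
    ' "$@"
}

# Constructed sample rules file (not copied from a real system); the last
# line is the workaround rule quoted in the post.
write_sample_rules() {
    cat > "$1" <<'EOF'
-D
-b 8192
#-a task,never
-w /etc/passwd -p wa -k identity
-a always,exit -F arch=b64 -S execve -k exec
-a never,exit -S all -F res=success
EOF
}

# With arguments: scan those files. Without: run on the constructed sample.
if [ "$#" -gt 0 ]; then
    find_blanket_never_rules "$@"
else
    sample=$(mktemp)
    write_sample_rules "$sample"
    find_blanket_never_rules "$sample"
    rm -f "$sample"
fi
```

Pointing it at the files under /etc/audit/rules.d/ shows which suppression rules are in effect, which matters on machines where the audit trail is relied on.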