audit log not being rotated

[Mike Williams]

Hi there.  I have three systems running f13 and on one of those systems
audit.log has not been rotated since July 20 when the system was first
brought up with f13.

After some digging I found a reference to a file that can be run as a cron
job to cause the log file to be rotated.
(/usr/share/doc/audit-2.0.4/auditd.cron)

The two systems on which rotating the logs has been working are both in
enforcing mode, the one that has not been rotating the log has enforcing=0

I do not remember doing anything else different as far as selinux goes on
these three boxes.  Could not find any reference to audit.log in
/etc/logrotate.conf /etc/logrotate.d/* /etc/cron.daily/* or
/etc/cron.weekly/* on any of the systems.

Any idea why one box out of three would behave differently?  It is a
worrisome difference.

Currently running the 2.6.34.6-47.fc13.i686.PAE kernel on the non-rotating
system and one of the two others.  But the behavior has not changed from the
initial installation through all of the updates since then.  All three
systems are have 2.0.4-3.fc13 of audit, audit-libs and audit-libs-python
installed.

BTW - great work on SELinux!  It has improved a great deal over the past
five years.  The only reason I have one box in permissive mode is because it
is running TWiki and I have not found time to make the changes needed to get
selinux and twiki to play nice together.

Thanks,

Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20100904/45d86cee/attachment.html