Something is deleting /var/run/syslogd.pid
jd1008
jd1008 at gmail.com
Mon Jun 22 00:40:13 UTC 2015
On 06/21/2015 06:33 PM, Tom Horsley wrote:
> On Sun, 21 Jun 2015 20:13:00 -0400
> Sam Varshavchik wrote:
>
>> After updating to F22, after the system is up for some period of time, I
>> have not determine for how long, looks like something removes
>> /var/run/syslogd.pid
> Someone was wondering what good auditd was the other day.
> I believe I read once that one of the things it can do
> is monitor who the heck modifies or deletes a file.
>
> How to get it to do that monitoring, I have no idea :-).
Some years ago, I wrote a subsystem in the BSD kernel (Not FreeBSD)
that actually did just that - every file access (even over nfs) was audited
and saved in an audit logfile, with an app that viewed or printed that log
file.
I do not know if the fedora auditd can be configured to log such access.
More information about the users
mailing list