On Thursday 28 July 2005 8:18 am, Steve G wrote:
> >Tonight, a yum update picked up new versions of audit, audit-libs, and
> >audit-libs-devel. Are these the kinds of patches you're referring to?
>
> Not really. The main thing about this round of updates is that it quietens
> messages that are caused by delete file system watches not being supported
> by current kernels.
>
> We have a reference audit implementation that I work to. We have just begun
> to get the filesystem watch implementation upstream. It was pointed out
> that there is some overlap between inotify and the audit system. So, we are
> trying to create a common framework that both audit and inotify can clip
> into. Then when this gets accepted upstream, Fedora will pick up the new
> kernel and all will be better. This process may take a month.
>
I need to learn more - I'm afraid you've gone over my head - but thanks. After
the cited round of updates, I got this in my overnight logwatch: is there
anything I need to get worried about?
--------------------- Selinux Audit Begin ------------------------
*** Denials ***
system_u system_u (dir): 22 times
system_u system_u (file): 34 times
system_u system_u (netif): 2 times
system_u system_u (netlink_audit_socket): 1 times
system_u system_u (netlink_route_socket): 1 times
system_u system_u (node): 2 times
system_u system_u (sock_file): 3 times
system_u system_u (tcp_socket): 5 times
system_u system_u (udp_socket): 10 times
system_u user_u (sock_file): 1 times
**Unmatched Entries** (Only first 10 out of 89 are printed)
The audit daemon is exiting.
audit: *NO* daemon at audit_pid=1920
audit(1122440737.973:10895603): arch=40000003 syscall=102 success=no
exit=-22 a0=b a1=bf909cc0 a2=80510f8 a3=0 items=0 pid=17997 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl"
exe="/sbin/auditctl"
audit(1122440737.973:10895603): saddr=100000000000000000000000
audit(1122440737.973:10895603): nargs=6 a0=3 a1=bf90be1c a2=10 a3=0
a4=bf90dfb8 a5=c
audit(1122440738.074:10895623): SELinux: unrecognized netlink message
type=1009 for sclass=49
audit(1122440738.074:10895623): arch=40000003 syscall=102 success=no
exit=-22 a0=b a1=bf909ca0 a2=80510f8 a3=0 items=0 pid=17997 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl"
exe="/sbin/auditctl"
audit(1122440738.074:10895623): saddr=100000000000000000000000
audit(1122440738.074:10895623): nargs=6 a0=3 a1=bf90bdfc a2=10 a3=0
a4=bf90df98 a5=c
Init complete, auditd 0.9.15 listening for events
---------------------- Selinux Audit End -------------------------
--------------------- Cron Begin ------------------------
**Unmatched Entries**
ENTRYPOINT FAILED but SELinux in permissive mode, continuing (/etc/crontab)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mrtg)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/sysstat)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mailman)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing (/etc/crontab)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mrtg)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/sysstat)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mailman)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing (/etc/crontab)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mrtg)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/sysstat)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mailman)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing (/etc/crontab)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mrtg)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/sysstat)
ENTRYPOINT FAILED but SELinux in permissive mode, continuing
(/etc/cron.d/mailman)
---------------------- Cron End -------------------------
--
Claude Jones
Bluemont, VA, USA
|
