Greetings:
i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on
startup and this is the O/P at the end:
config_manager init complete
Error setting audit daemon pid (Connection refused)
type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt,
auid=4294967295 pid=32702 res=failed
Unable to set audit pid, exiting
The audit daemon is exiting.
Error setting audit daemon pid (Connection refused)
the only thing i've learned from asking google is that it's a potential problem
with the interaction between selinux & auditd, but i haven't found a solution.
two questions:
1. anyone know what the problem is? (that or my next step in diagnosing it)
2. if i can't solve it, is there an alternative method for adding watchpoints
to
directories such that i can be notified of WRITE events for files in
that
directory (and preferably for all of it's subdirectories)?
My kernel version is 2.6.18 (full info below).
The audit version is audit.x86_64 0:1.7.13-2.el5
thanks
--tom
Name : kernel
Arch : x86_64
Version : 2.6.18
Release : 164.6.1.el5
Size : 18 M
Repo : updates
Summary : The Linux kernel (the core of the Linux operating system)
URL : http://www.kernel.org/
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
