Tom Laramee wrote:
Are you running selinux in enforcing or permissive mode? sestatus to check - suggest you post

> Greetings:
>
> i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end:
>
>   config_manager init complete
>   Error setting audit daemon pid (Connection refused)
>   type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
>   Unable to set audit pid, exiting
>   The audit daemon is exiting.
>   Error setting audit daemon pid (Connection refused)
>
> the only thing i've learned from asking google is that it's a potential problem with the interaction between selinux & auditd, but i haven't found a solution.
>
> two questions:
>
> 1. anyone know what the problem is? (that or my next step in diagnosing it)
> 2. if i can't solve it, is there an alternative method for adding watchpoints to directories such that i can be notified of WRITE events for files in that directory (and preferably for all of its subdirectories)?

Consider running aide and ossec - these can notify you of changes to critical files and folders.

> My kernel version is 2.6.18 (full info below). The audit version is audit.x86_64 0:1.7.13-2.el5
>
> thanks
> --tom
>
>   Name    : kernel
>   Arch    : x86_64
>   Version : 2.6.18
>   Release : 164.6.1.el5
>   Size    : 18 M
>   Repo    : updates
>   Summary : The Linux kernel (the core of the Linux operating system)
>   URL     : http://www.kernel.org/
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
<<attachment: rkampen.vcf>>
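Added example, not part of the thread: a small Python parser for the audit record format seen in the quoted output, which picks out daemon records that ended with res=failed. The DAEMON_START line, the function names and the field handling are constructed for illustration; an auid of 4294967295 is the kernel's "unset" login uid and is reported as None.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the DAEMON_ABORT record quoted in the post, preceded by
# a made-up DAEMON_START record for contrast.
SAMPLE = """\
type=DAEMON_START msg=audit(1260554301.112:5673): auditd start, ver=1.7.13 auid=4294967295 pid=32650 res=success
type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
"""

# Record header: type=<TYPE> msg=audit(<epoch>.<millis>:<serial>): <body>
HEADER = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<sec>\d+)\.(?P<ms>\d{3}):(?P<serial>\d+)\): (?P<body>.*)$"
)
FIELD = re.compile(r"(\w+)=(\S+)")
UNSET_AUID = 4294967295  # (uid_t)-1: no login uid was ever set for this process


def parse_record(line):
    """Return a dict for one audit record line, or None if it does not parse."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD.findall(m["body"]))
    auid = int(fields["auid"]) if "auid" in fields else None
    when = datetime.fromtimestamp(int(m["sec"]), tz=timezone.utc)
    return {
        "type": m["type"],
        "time": when.replace(microsecond=int(m["ms"]) * 1000),
        "serial": int(m["serial"]),
        "pid": int(fields["pid"]) if "pid" in fields else None,
        "auid": None if auid in (None, UNSET_AUID) else auid,
        "res": fields.get("res"),
    }


def daemon_failures(text):
    """Return parsed DAEMON_* records whose result is 'failed'."""
    records = (parse_record(line) for line in text.splitlines())
    return [r for r in records
            if r and r["type"].startswith("DAEMON_") and r["res"] == "failed"]


if __name__ == "__main__":
    for rec in daemon_failures(SAMPLE):
        print(rec["time"].isoformat(), rec["type"], "pid", rec["pid"], "serial", rec["serial"])
```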