Linux Archive


Tom Laramee 12-11-2009 05:08 PM

Auditd fails to start : Connection refused
 
Greetings:

i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end:

config_manager init complete
Error setting audit daemon pid (Connection refused)
type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
Unable to set audit pid, exiting
The audit daemon is exiting.
Error setting audit daemon pid (Connection refused)

the only thing i've learned from asking google is that it's a potential problem with the interaction between selinux & auditd, but i haven't found a solution.

two questions:

1. anyone know what the problem is? (that or my next step in diagnosing it)

2. if i can't solve it, is there an alternative method for adding watchpoints to
directories such that i can be notified of WRITE events for files in that
directory (and preferably for all of its subdirectories)?

My kernel version is 2.6.18 (full info below).
The audit version is audit.x86_64 0:1.7.13-2.el5

thanks
--tom


Name : kernel
Arch : x86_64
Version : 2.6.18
Release : 164.6.1.el5
Size : 18 M
Repo : updates
Summary : The Linux kernel (the core of the Linux operating system)
URL : http://www.kernel.org/




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Rob Kampen 12-11-2009 05:27 PM

Auditd fails to start : Connection refused
 
Tom Laramee wrote:

> Greetings:
>
> i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end:
>
> config_manager init complete
> Error setting audit daemon pid (Connection refused)
> type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
> Unable to set audit pid, exiting
> The audit daemon is exiting.
> Error setting audit daemon pid (Connection refused)
>
> the only thing i've learned from asking google is that it's a potential problem with the interaction between selinux & auditd, but i haven't found a solution.
>
> two questions:
>
> 1. anyone know what the problem is? (that or my next step in diagnosing it)

Are you running selinux in enforcing or permissive mode? sestatus to
check - suggest you post

> 2. if i can't solve it, is there an alternative method for adding watchpoints to
> directories such that i can be notified of WRITE events for files in that
> directory (and preferably for all of its subdirectories)?

Consider running aide and ossec - these can notify you of changes to
critical files and folders.

> My kernel version is 2.6.18 (full info below).
> The audit version is audit.x86_64 0:1.7.13-2.el5
>
> thanks
> --tom
>
> Name : kernel
> Arch : x86_64
> Version : 2.6.18
> Release : 164.6.1.el5
> Size : 18 M
> Repo : updates
> Summary : The Linux kernel (the core of the Linux operating system)
> URL : http://www.kernel.org/
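
Added example, not part of either post and not AIDE's or OSSEC's own code: the baseline-and-compare approach that file-integrity checkers take, applied in Python to a directory and all of its subdirectories. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):  # descends into all subdirectories
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets, FIFOs and device nodes
            digest = hashlib.sha256()
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                state[rel] = digest.hexdigest()
            except OSError:
                state[rel] = "unreadable"  # vanished or permission denied mid-scan
    return state


def compare(baseline, current):
    """Classify paths as added, removed or modified since the baseline."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }


def demo():
    """Constructed tree: baseline, then one write, one new file, one delete."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "conf", "sub"))
        def put(rel, data, mode="wb"):
            with open(os.path.join(root, *rel.split("/")), mode) as fh:
                fh.write(data)
        for rel in ("conf/a.cfg", "conf/sub/b.cfg", "old.txt"):
            put(rel, b"original\n")
        baseline = snapshot(root)
        put("conf/sub/b.cfg", b"appended\n", "ab")  # write inside a subdirectory
        put("conf/new.cfg", b"new\n")
        os.remove(os.path.join(root, "old.txt"))
        return compare(baseline, snapshot(root))
```

A periodic scan like this shows that a file changed between two runs, not which process or user wrote it, and the stored baseline has to be kept where the monitored account cannot rewrite it.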





