12-11-2009, 05:08 PM
Tom Laramee

Auditd fails to start : Connection refused

Greetings:

i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end:

config_manager init complete
Error setting audit daemon pid (Connection refused)
type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
Unable to set audit pid, exiting
The audit daemon is exiting.
Error setting audit daemon pid (Connection refused)

the only thing i've learned from asking google is that it's a potential problem with the interaction between selinux & auditd, but i haven't found a solution.

two questions:

1. anyone know what the problem is? (that or my next step in diagnosing it)

2. if i can't solve it, is there an alternative method for adding watchpoints to
directories such that i can be notified of WRITE events for files in that
directory (and preferably for all of its subdirectories)?

My kernel version is 2.6.18 (full info below).
The audit version is audit.x86_64 0:1.7.13-2.el5

thanks
--tom


Name : kernel
Arch : x86_64
Version : 2.6.18
Release : 164.6.1.el5
Size : 18 M
Repo : updates
Summary : The Linux kernel (the core of the Linux operating system)
URL : http://www.kernel.org/




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
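
Added example, not part of the original post: a small Python parser for the DAEMON_ABORT record quoted above, showing what each part of the line means (event type, epoch timestamp, event serial, key=value fields). The function names are hypothetical, and the parser assumes the simple space-separated daemon record layout seen in this post.

```python
import re
from datetime import datetime, timezone

# Constructed input: the daemon record quoted in the post above.
SAMPLE = ("type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, "
          "auid=4294967295 pid=32702 res=failed")

UNSET_ID = 4294967295  # (uint32)-1, written when no login uid has been set

HEADER = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<sec>\d+)\.(?P<ms>\d{3}):(?P<serial>\d+)\):\s*(?P<body>.*)$")
FIELD = re.compile(r"(\w+)=(\S+)")
NUMERIC = {"auid", "uid", "pid"}


def parse_daemon_record(line):
    """Parse one auditd daemon record into a dict; raise ValueError otherwise."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not an audit record: %r" % line)
    body = m.group("body")
    first = FIELD.search(body)
    rec = {
        "type": m.group("type"),
        # Seconds since the epoch plus milliseconds, reported here in UTC.
        "time": datetime.fromtimestamp(int(m.group("sec")), tz=timezone.utc)
                        .replace(microsecond=int(m.group("ms")) * 1000),
        # Serial number: shared by all records that belong to one event.
        "serial": int(m.group("serial")),
        # Free text is whatever precedes the first key=value pair.
        "text": (body[:first.start()] if first else body).strip(" ,"),
    }
    for key, value in FIELD.findall(body):
        rec[key] = int(value) if key in NUMERIC and value.isdigit() else value
    if rec.get("auid") == UNSET_ID:
        rec["auid"] = None  # no login uid recorded for this process
    return rec


def is_daemon_failure(rec):
    """True for DAEMON_* records whose result field reports failure."""
    return rec["type"].startswith("DAEMON_") and rec.get("res") == "failed"


if __name__ == "__main__":
    record = parse_daemon_record(SAMPLE)
    print(record["time"].isoformat(), record["type"], record["text"], record)
```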
 
12-11-2009, 05:27 PM
Rob Kampen

Auditd fails to start : Connection refused

Tom Laramee wrote:

> Greetings:
>
> i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end:
>
> config_manager init complete
> Error setting audit daemon pid (Connection refused)
> type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
> Unable to set audit pid, exiting
> The audit daemon is exiting.
> Error setting audit daemon pid (Connection refused)
>
> the only thing i've learned from asking google is that it's a potential problem with the interaction between selinux & auditd, but i haven't found a solution.
>
> two questions:
>
> 1. anyone know what the problem is? (that or my next step in diagnosing it)

Are you running selinux in enforcing or permissive mode? sestatus to
check - suggest you post

> 2. if i can't solve it, is there an alternative method for adding watchpoints to
> directories such that i can be notified of WRITE events for files in that
> directory (and preferably for all of its subdirectories)?

Consider running aide and ossec - these can notify you of changes to
critical files and folders.

> My kernel version is 2.6.18 (full info below).
> The audit version is audit.x86_64 0:1.7.13-2.el5
>
> thanks
> --tom
>
> Name : kernel
> Arch : x86_64
> Version : 2.6.18
> Release : 164.6.1.el5
> Size : 18 M
> Repo : updates
> Summary : The Linux kernel (the core of the Linux operating system)
> URL : http://www.kernel.org/