[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Problem with start of auditd on 2.6.13-2smp machine

I have a redhat enterprise linux 4 update 1 based system running 2.6.13-2smp kernel with audit-1.0.3-6.EL4 and audit-libs-1.0.3-6.EL4
The problem is that when I start auditd I get this error:

[root cmsstor02 etc]# /etc/init.d/auditd start
Starting auditd:                                           [  OK  ]
Error receiving watch list (Invalid argument)
There was an error in line 5 of /etc/audit.rules

auditd actually starts but I am concerned that the -D
option (which is what is on line 5 of /etc/audit.rules)
is not being recognized or honored.

I see that newer versions of the audit rpm may have fixed this

"* Thu May 26 2005 Steve Grubb <sgrubb redhat com> 0.9-1
  - Translate numeric info to human readable for ausearch output
  - add '-if' option to ausearch to select input file
  - add '-c' option to ausearch to allow searching by comm field
  - init script now deletes all rules when daemon stops
  - Make auditctl display perms correctly in watch listings
***  - Make auditctl -D remove all watches"

but I do not have the glibc-kernheaders needed. Mine
are glibc-kernheaders-2.4-9.1.87 and audit-1.0.1201 needs

First - is this error I see really a problem?
Second: Is the fix above really a fix for the problem I am seeing?
If so is there any other way to get it fixed.
If not what is the fix?

Thanks in advance for any help that is provided.



Lisa Giacchetti
Fermilab Computing Division
USCMS Tier1 Facility Support
lisa at fnal dot gov | 1-630-840-8023

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]