
Problem with start of auditd on 2.6.13-2smp machine



I have a Red Hat Enterprise Linux 4 Update 1 based system running a 2.6.13-2smp kernel with audit-1.0.3-6.EL4 and audit-libs-1.0.3-6.EL4 installed.
The problem is that when I start auditd I get this error:

[root cmsstor02 etc]# /etc/init.d/auditd start
Starting auditd:                                           [  OK  ]
Error receiving watch list (Invalid argument)
There was an error in line 5 of /etc/audit.rules

auditd actually starts but I am concerned that the -D
option (which is what is on line 5 of /etc/audit.rules)
is not being recognized or honored.

I see that newer versions of the audit rpm may have fixed this:

"* Thu May 26 2005 Steve Grubb <sgrubb redhat com> 0.9-1
  - Translate numeric info to human readable for ausearch output
  - add '-if' option to ausearch to select input file
  - add '-c' option to ausearch to allow searching by comm field
  - init script now deletes all rules when daemon stops
  - Make auditctl display perms correctly in watch listings
***  - Make auditctl -D remove all watches"

but I do not have the glibc-kernheaders needed. Mine are
glibc-kernheaders-2.4-9.1.87 and audit-1.0.1201 needs
glibc-kernheaders>=2.4-9.1.95.

First - is this error I see really a problem?
Second: Is the fix above really a fix for the problem I am seeing?
If so, is there any other way to get it fixed?
If not, what is the fix?

Thanks in advance for any help that is provided.

lisa

--

Lisa Giacchetti
Fermilab Computing Division
USCMS Tier1 Facility Support
lisa at fnal dot gov | 1-630-840-8023

