Running auditd from Raspberry Pi (Raspbian)

Kangkook Jee aixer77 at gmail.com
Mon Oct 26 21:18:12 UTC 2015 

This time, I built with —with-arm option and tried again. It still fails but with different error message.


pi at raspberrypi ~/audit-2.4.4 $ grep arm config.status
ac_cs_config="'--with-arm'"
  set X /bin/bash './configure'  '--with-arm' $ac_configure_extra_args --no-create --no-recursion
host='armv7l-unknown-linux-gnueabihf'
build='armv7l-unknown-linux-gnueabihf'
sys_lib_search_path_spec='/usr/lib/gcc/arm-linux-gnueabihf/4.9 /usr/lib/arm-linux-gnueabihf /usr/lib /lib/arm-linux-gnueabihf /lib '
sys_lib_dlsearch_path_spec='/lib64 /usr/lib64 /lib /usr/lib /opt/vc/lib /lib/arm-linux-gnueabihf /usr/lib/arm-linux-gnueabihf /usr/lib/arm-linux-gnueabihf/libfakeroot /usr/local/lib '
S["target_cpu"]="armv7l"
S["target"]="armv7l-unknown-linux-gnueabihf"
S["host_cpu"]="armv7l"
S["host"]="armv7l-unknown-linux-gnueabihf"
S["build_cpu"]="armv7l"
S["build"]="armv7l-unknown-linux-gnueabihf"
pi at raspberrypi ~/audit-2.4.4 $ sudo src/auditctl -a exit,always -S execve
Error sending add rule data request (Invalid argument)


> On Oct 26, 2015, at 4:57 PM, Kangkook Jee <aixer77 at gmail.com> wrote:
> 
> I added “—with-armeb” should it be just “—with-arm” ?
> 
> This following shows my configuration status.
> 
> pi at raspberrypi ~/audit-2.4.4 $ grep arm config.status
> ac_cs_config="'--with-armeb'"
>  set X /bin/bash './configure'  '--with-armeb' $ac_configure_extra_args --no-create --no-recursion
> host='armv7l-unknown-linux-gnueabihf'
> build='armv7l-unknown-linux-gnueabihf'
> sys_lib_search_path_spec='/usr/lib/gcc/arm-linux-gnueabihf/4.9 /usr/lib/arm-linux-gnueabihf /usr/lib /lib/arm-linux-gnueabihf /lib '
> sys_lib_dlsearch_path_spec='/lib64 /usr/lib64 /lib /usr/lib /opt/vc/lib /lib/arm-linux-gnueabihf /usr/lib/arm-linux-gnueabihf /usr/lib/arm-linux-gnueabihf/libfakeroot /usr/local/lib '
> S["target_cpu"]="armv7l"
> S["target"]="armv7l-unknown-linux-gnueabihf"
> S["host_cpu"]="armv7l"
> S["host"]="armv7l-unknown-linux-gnueabihf"
> S["build_cpu"]="armv7l"
> S["build"]="armv7l-unknown-linux-gnueabihf”
> 
> 
>> On Oct 26, 2015, at 4:37 PM, Steve Grubb <sgrubb at redhat.com> wrote:
>> 
>> On Monday, October 26, 2015 04:25:57 PM Kangkook Jee wrote:
>>> Dear Steve,
>>> 
>>> I built auditctl from recent audit source and tried it again but I failed
>>> with the following errors.
>>> 
>>> pi at raspberrypi ~/audit-2.4.4 $ sudo auditctl -e1 -b 102400
>>> AUDIT_STATUS: enabled=1 flag=1 pid=2022 rate_limit=0 backlog_limit=320
>>> lost=0 backlog=0 (reverse-i-search)`b': sudo auditctl -e1 -^C102400
>>> pi at raspberrypi ~/audit-2.4.4 $ sudo src/auditctl -a exit,always -F
>>> arch=armeb -S clone arch elf mapping not found
>>> pi at raspberrypi ~/audit-2.4.4 $ sudo src/auditctl -a exit,always -S clone
>>> Error detecting machine type
>>> 
>>> Would you help me with this?
>> 
>> Did you add --with-arm to the ./configure line? Its disabled by default.
>> 
>> -Steve
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20151026/f3e5e4c5/attachment.htm>

More information about the Linux-audit mailing list