Running auditd from Raspberry Pi (Raspbian)
Steve Grubb
sgrubb at redhat.com
Tue Oct 27 03:12:28 UTC 2015
On Monday, October 26, 2015 05:18:12 PM Kangkook Jee wrote:
> This time, I built with —with-arm option and tried again. It still fails but
> with different error message.
>
>
> pi at raspberrypi ~/audit-2.4.4 $ grep arm config.status
> ac_cs_config="'--with-arm'"
> set X /bin/bash './configure' '--with-arm' $ac_configure_extra_args
> --no-create --no-recursion host='armv7l-unknown-linux-gnueabihf'
> build='armv7l-unknown-linux-gnueabihf'
> sys_lib_search_path_spec='/usr/lib/gcc/arm-linux-gnueabihf/4.9
> /usr/lib/arm-linux-gnueabihf /usr/lib /lib/arm-linux-gnueabihf /lib '
> sys_lib_dlsearch_path_spec='/lib64 /usr/lib64 /lib /usr/lib /opt/vc/lib
> /lib/arm-linux-gnueabihf /usr/lib/arm-linux-gnueabihf
> /usr/lib/arm-linux-gnueabihf/libfakeroot /usr/local/lib '
> S["target_cpu"]="armv7l"
> S["target"]="armv7l-unknown-linux-gnueabihf"
> S["host_cpu"]="armv7l"
> S["host"]="armv7l-unknown-linux-gnueabihf"
> S["build_cpu"]="armv7l"
> S["build"]="armv7l-unknown-linux-gnueabihf"
> pi at raspberrypi ~/audit-2.4.4 $ sudo src/auditctl -a exit,always -S execve
> Error sending add rule data request (Invalid argument)
If this works:
ausyscall armeb open
returns something like:
open 5
mq_open 274
openat 322
perf_event_open 364
open_by_handle_at 371
Then user space is working. Anything else would be kernel issues.
-Steve
More information about the Linux-audit
mailing list