* Auditd is not turning off the system on (RHEL7.+)
From: Fabio Sbano @ 2020-10-14 16:51 UTC
To: linux-audit

My /etc/audit/auditd.conf is configured as below but it is not turning off the system

#
# This file controls the configuration of the audit daemon
#

local_events = yes
write_logs = yes
log_file = /var/log/audit/audit.log
log_group = root
log_format = RAW
flush = INCREMENTAL_ASYNC
freq = 50
max_log_file = 8
num_logs = 5
priority_boost = 4
disp_qos = lossy
dispatcher = /sbin/audispd
name_format = NONE
##name = mydomain
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
verify_email = yes
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = halt
disk_full_action = SUSPEND
disk_error_action = SUSPEND
use_libwrap = yes
##tcp_listen_port = 60
tcp_listen_queue = 5
tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0
enable_krb5 = no
krb5_principal = auditd
##krb5_key_file = /etc/audit/audit.key
distribute_network = no

Best Regards,
Fabio Sbano

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

* Re: Auditd is not turning off the system on (RHEL7.+)
From: Steve Grubb @ 2020-10-14 17:12 UTC
To: linux-audit

Hello,

On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> My /etc/audit/auditd.conf is configured as below but it is not turning off
> the system
>
> #
> # This file controls the configuration of the audit daemon
> #
>
> local_events = yes
> write_logs = yes
> log_file = /var/log/audit/audit.log
> log_group = root
> log_format = RAW
> flush = INCREMENTAL_ASYNC
> freq = 50
> max_log_file = 8
> num_logs = 5
> priority_boost = 4
> disp_qos = lossy
> dispatcher = /sbin/audispd
> name_format = NONE
> ##name = mydomain
> max_log_file_action = ROTATE
> space_left = 75
> space_left_action = SYSLOG
> verify_email = yes
> action_mail_acct = root
> admin_space_left = 50
> admin_space_left_action = halt
> disk_full_action = SUSPEND
> disk_error_action = SUSPEND
> use_libwrap = yes
> ##tcp_listen_port = 60
> tcp_listen_queue = 5
> tcp_max_per_addr = 1
> ##tcp_client_ports = 1024-65535
> tcp_client_max_idle = 0
> enable_krb5 = no
> krb5_principal = auditd
> ##krb5_key_file = /etc/audit/audit.key
> distribute_network = no

I believe this bz is relevant:
https://bugzilla.redhat.com/show_bug.cgi?id=1780332

If you update to the 7.9 release, it should work like it is supposed to.

Best Regards,
-Steve

* Re: Auditd is not turning off the system on (RHEL7.+)
From: Fabio Sbano @ 2020-10-14 18:13 UTC
To: sgrubb, Steve Grubb, linux-audit

I'm using 7.x with latest update :-(
Can I reopen the bug?
( I turned off selinux for the auditd to work the halt )

Best Regards,
Fabio Sbano

* Re: Auditd is not turning off the system on (RHEL7.+)
From: Steve Grubb @ 2020-10-14 18:20 UTC
To: linux-audit, Fabio Sbano

On Wednesday, October 14, 2020 2:13:35 PM EDT Fabio Sbano wrote:
> I'm using 7.x with latest update :-(
> Can I reopen the bug?

Sure. I think you'd probably want to add your AVC to give a hint.

-Steve

> ( I turned off selinux for the auditd to work the halt )
> Best Regards,
> Fabio Sbano

* Re: Auditd is not turning off the system on (RHEL7.+)
From: Fabio Sbano @ 2020-10-14 18:34 UTC
To: sgrubb, Steve Grubb, linux-audit

Of course, I'll do it tonight

Regards,
Fabio Sbano

* Re: Auditd is not turning off the system on (RHEL7.+)
From: Fabio Sbano @ 2020-10-15 10:46 UTC
To: sgrubb, linux-audit

I am using Red Hat Satellite and it was out of date with version 7.9.
I installed a new server with ISO 7.9 and everything worked correctly.

Sorry,
Best Regards,
Fabio Sbano

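Added example, not part of the thread or of the audit project: a shell check that an auditd.conf really requests a halt at the admin_space_left threshold, plus the facts this thread turned on (actual release, package versions, AVC denials). The function names conf_get, check_halt and gather_facts are made up here, the sample file is constructed from the values quoted above, and the thresholds are assumed to be plain megabyte numbers as in the poster's file.

```shell
#!/bin/sh
# Added example; conf_get, check_halt and gather_facts are illustrative names.

# Print the value of KEY ($2) from auditd.conf FILE ($1). Keys are matched
# case-insensitively, comment lines are skipped, the last assignment wins.
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (tolower(k) == tolower(key)) {
                v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
            }
        }
        END { print val }' "$1"
}

# Return 0 when FILE asks for a halt at admin_space_left and that threshold
# is below space_left, which auditd.conf(5) says it should be.
# Return 1 when the action is not halt, 2 when the thresholds are misordered.
check_halt() {
    action=$(conf_get "$1" admin_space_left_action | tr '[:upper:]' '[:lower:]')
    admin=$(conf_get "$1" admin_space_left)
    warn=$(conf_get "$1" space_left)
    [ "$action" = "halt" ] || { echo "admin_space_left_action=$action (not halt)"; return 1; }
    [ "$admin" -lt "$warn" ] || { echo "admin_space_left=$admin not below space_left=$warn"; return 2; }
    echo "halt requested at ${admin} MB free, warning at ${warn} MB"
}

# Run on the affected host: the release and package versions actually
# installed, the SELinux mode, and today's AVC denials for a bug report.
gather_facts() {
    cat /etc/redhat-release
    rpm -q audit selinux-policy
    getenforce
    ausearch -m avc -ts today
}

# Constructed sample carrying the disk-space settings quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
space_left = 75
space_left_action = SYSLOG
##name = mydomain
admin_space_left = 50
admin_space_left_action = halt
EOF
check_halt "$sample"
```

Point check_halt at /etc/audit/auditd.conf on a real host; gather_facts is defined but not called because it needs root and the audit tools.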