Linux-audit Archive on lore.kernel.org
 help / color / Atom feed
* Auditd is not turning off the system on (RHEL7.+)
       [not found] <1025996531.618266.1602694304884.ref@mail.yahoo.com>
@ 2020-10-14 16:51 ` Fabio Sbano
  2020-10-14 17:12   ` Steve Grubb
  0 siblings, 1 reply; 6+ messages in thread
From: Fabio Sbano @ 2020-10-14 16:51 UTC (permalink / raw)
  To: linux-audit

[-- Attachment #1.1: Type: text/plain, Size: 891 bytes --]

My /etc/audit/auditd.conf is configured as below but it is not turning off the system

## This file controls the configuration of the audit daemon#
local_events = yeswrite_logs = yeslog_file = /var/log/audit/audit.loglog_group = rootlog_format = RAWflush = INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost = 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name = mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action = SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left = 50admin_space_left_action = haltdisk_full_action = SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port = 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports = 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal = auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no



Best Regards,Fabio Sbano

[-- Attachment #1.2: Type: text/html, Size: 2474 bytes --]

[-- Attachment #2: Type: text/plain, Size: 102 bytes --]

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Auditd is not turning off the system on (RHEL7.+)
  2020-10-14 16:51 ` Auditd is not turning off the system on (RHEL7.+) Fabio Sbano
@ 2020-10-14 17:12   ` Steve Grubb
  2020-10-14 18:13     ` Fabio Sbano
  0 siblings, 1 reply; 6+ messages in thread
From: Steve Grubb @ 2020-10-14 17:12 UTC (permalink / raw)
  To: linux-audit

Hello,

On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> My /etc/audit/auditd.conf is configured as below but it is not turning off
> the system
> 
> ## This file controls the configuration of the audit daemon#
> local_events = yeswrite_logs = yeslog_file =
> /var/log/audit/audit.loglog_group = rootlog_format = RAWflush =
> INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost =
> 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name =
> mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action =
> SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left =
> 50admin_space_left_action = haltdisk_full_action =
> SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port =
> 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports =
> 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal =
> auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
 
I believe this bz is relevant:
https://bugzilla.redhat.com/show_bug.cgi?id=1780332

If you update to the 7.9 release, it should work like it is supposed to.

Best Regards,
-Steve


--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Auditd is not turning off the system on (RHEL7.+)
  2020-10-14 17:12   ` Steve Grubb
@ 2020-10-14 18:13     ` Fabio Sbano
  2020-10-14 18:20       ` Steve Grubb
  0 siblings, 1 reply; 6+ messages in thread
From: Fabio Sbano @ 2020-10-14 18:13 UTC (permalink / raw)
  To: sgrubb, Steve Grubb, linux-audit

[-- Attachment #1.1: Type: text/plain, Size: 1396 bytes --]

I'm using 7.x with latest update :-(
Can i reopen the bug?
( I turned off selinux for the auditd to work the halt )
Best Regards,Fabio Sbano

Sent from Yahoo Mail on Android 
 
  On Wed, Oct 14, 2020 at 2:12 PM, Steve Grubb<sgrubb@redhat.com> wrote:   Hello,

On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> My /etc/audit/auditd.conf is configured as below but it is not turning off
> the system
> 
> ## This file controls the configuration of the audit daemon#
> local_events = yeswrite_logs = yeslog_file =
> /var/log/audit/audit.loglog_group = rootlog_format = RAWflush =
> INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost =
> 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name =
> mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action =
> SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left =
> 50admin_space_left_action = haltdisk_full_action =
> SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port =
> 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports =
> 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal =
> auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
 
I believe this bz is relevant:
https://bugzilla.redhat.com/show_bug.cgi?id=1780332

If you update to the 7.9 release, it should work like it is supposed to.

Best Regards,
-Steve


  

[-- Attachment #1.2: Type: text/html, Size: 3021 bytes --]

[-- Attachment #2: Type: text/plain, Size: 102 bytes --]

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Auditd is not turning off the system on (RHEL7.+)
  2020-10-14 18:13     ` Fabio Sbano
@ 2020-10-14 18:20       ` Steve Grubb
  2020-10-14 18:34         ` Fabio Sbano
  0 siblings, 1 reply; 6+ messages in thread
From: Steve Grubb @ 2020-10-14 18:20 UTC (permalink / raw)
  To: linux-audit, Fabio Sbano

On Wednesday, October 14, 2020 2:13:35 PM EDT Fabio Sbano wrote:
> I'm using 7.x with latest update :-(
> Can i reopen the bug?

Sure. I think you'd probably want to add your AVC to give a hint.

-Steve

> ( I turned off selinux for the auditd to work the halt )
> Best Regards,Fabio Sbano
> 
> Sent from Yahoo Mail on Android
> 
>   On Wed, Oct 14, 2020 at 2:12 PM, Steve Grubb<sgrubb@redhat.com> wrote:  
> Hello,
> On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> > My /etc/audit/auditd.conf is configured as below but it is not turning
> > off
> > the system
> > 
> > ## This file controls the configuration of the audit daemon#
> > local_events = yeswrite_logs = yeslog_file =
> > /var/log/audit/audit.loglog_group = rootlog_format = RAWflush =
> > INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost =
> > 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name =
> > mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action =
> > SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left =
> > 50admin_space_left_action = haltdisk_full_action =
> > SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port =
> > 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports =
> > 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal =
> > auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
> 
> I believe this bz is relevant:
> https://bugzilla.redhat.com/show_bug.cgi?id=1780332
> 
> If you update to the 7.9 release, it should work like it is supposed to.
> 
> Best Regards,
> -Steve




--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Auditd is not turning off the system on (RHEL7.+)
  2020-10-14 18:20       ` Steve Grubb
@ 2020-10-14 18:34         ` Fabio Sbano
  2020-10-15 10:46           ` Fabio Sbano
  0 siblings, 1 reply; 6+ messages in thread
From: Fabio Sbano @ 2020-10-14 18:34 UTC (permalink / raw)
  To: sgrubb, Steve Grubb, linux-audit

[-- Attachment #1.1: Type: text/plain, Size: 1821 bytes --]

Off Course,
I'll do it tonight

Regards,Fabio Sbano

Sent from Yahoo Mail on Android 
 
  On Wed, Oct 14, 2020 at 3:21 PM, Steve Grubb<sgrubb@redhat.com> wrote:   On Wednesday, October 14, 2020 2:13:35 PM EDT Fabio Sbano wrote:
> I'm using 7.x with latest update :-(
> Can i reopen the bug?

Sure. I think you'd probably want to add your AVC to give a hint.

-Steve

> ( I turned off selinux for the auditd to work the halt )
> Best Regards,Fabio Sbano
> 
> Sent from Yahoo Mail on Android
> 
>  On Wed, Oct 14, 2020 at 2:12 PM, Steve Grubb<sgrubb@redhat.com> wrote:  
> Hello,
> On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> > My /etc/audit/auditd.conf is configured as below but it is not turning
> > off
> > the system
> > 
> > ## This file controls the configuration of the audit daemon#
> > local_events = yeswrite_logs = yeslog_file =
> > /var/log/audit/audit.loglog_group = rootlog_format = RAWflush =
> > INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost =
> > 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name =
> > mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action =
> > SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left =
> > 50admin_space_left_action = haltdisk_full_action =
> > SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port =
> > 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports =
> > 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal =
> > auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
> 
> I believe this bz is relevant:
> https://bugzilla.redhat.com/show_bug.cgi?id=1780332
> 
> If you update to the 7.9 release, it should work like it is supposed to.
> 
> Best Regards,
> -Steve




  

[-- Attachment #1.2: Type: text/html, Size: 3694 bytes --]

[-- Attachment #2: Type: text/plain, Size: 102 bytes --]

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Auditd is not turning off the system on (RHEL7.+)
  2020-10-14 18:34         ` Fabio Sbano
@ 2020-10-15 10:46           ` Fabio Sbano
  0 siblings, 0 replies; 6+ messages in thread
From: Fabio Sbano @ 2020-10-15 10:46 UTC (permalink / raw)
  To: sgrubb, linux-audit

[-- Attachment #1.1: Type: text/plain, Size: 2100 bytes --]

  i am using redhat satellite and it was out of date with version 7.9I installed a new server with iso 7.9 and everything worked correctly
Sorry,Best Regards,Fabio Sbano
    Em quarta-feira, 14 de outubro de 2020 15:34:30 BRT, Fabio Sbano <fsbano@yahoo.com> escreveu:  
 
 Off Course,
I'll do it tonight

Regards,Fabio Sbano

Sent from Yahoo Mail on Android 
 
  On Wed, Oct 14, 2020 at 3:21 PM, Steve Grubb<sgrubb@redhat.com> wrote:   On Wednesday, October 14, 2020 2:13:35 PM EDT Fabio Sbano wrote:
> I'm using 7.x with latest update :-(
> Can i reopen the bug?

Sure. I think you'd probably want to add your AVC to give a hint.

-Steve

> ( I turned off selinux for the auditd to work the halt )
> Best Regards,Fabio Sbano
> 
> Sent from Yahoo Mail on Android
> 
>  On Wed, Oct 14, 2020 at 2:12 PM, Steve Grubb<sgrubb@redhat.com> wrote:  
> Hello,
> On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> > My /etc/audit/auditd.conf is configured as below but it is not turning
> > off
> > the system
> > 
> > ## This file controls the configuration of the audit daemon#
> > local_events = yeswrite_logs = yeslog_file =
> > /var/log/audit/audit.loglog_group = rootlog_format = RAWflush =
> > INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost =
> > 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name =
> > mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action =
> > SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left =
> > 50admin_space_left_action = haltdisk_full_action =
> > SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port =
> > 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports =
> > 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal =
> > auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
> 
> I believe this bz is relevant:
> https://bugzilla.redhat.com/show_bug.cgi?id=1780332
> 
> If you update to the 7.9 release, it should work like it is supposed to.
> 
> Best Regards,
> -Steve




  
  

[-- Attachment #1.2: Type: text/html, Size: 5146 bytes --]

[-- Attachment #2: Type: text/plain, Size: 102 bytes --]

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, back to index

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <1025996531.618266.1602694304884.ref@mail.yahoo.com>
2020-10-14 16:51 ` Auditd is not turning off the system on (RHEL7.+) Fabio Sbano
2020-10-14 17:12   ` Steve Grubb
2020-10-14 18:13     ` Fabio Sbano
2020-10-14 18:20       ` Steve Grubb
2020-10-14 18:34         ` Fabio Sbano
2020-10-15 10:46           ` Fabio Sbano

Linux-audit Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-audit/0 linux-audit/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-audit linux-audit/ https://lore.kernel.org/linux-audit \
		linux-audit@redhat.com
	public-inbox-index linux-audit

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.redhat.linux-audit


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git