* Auditd is not turning off the system on (RHEL7.+)
[not found] <1025996531.618266.1602694304884.ref@mail.yahoo.com>
@ 2020-10-14 16:51 ` Fabio Sbano
2020-10-14 17:12 ` Steve Grubb
0 siblings, 1 reply; 6+ messages in thread
From: Fabio Sbano @ 2020-10-14 16:51 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 891 bytes --]
My /etc/audit/auditd.conf is configured as below but it is not turning off the system
## This file controls the configuration of the audit daemon#
local_events = yeswrite_logs = yeslog_file = /var/log/audit/audit.loglog_group = rootlog_format = RAWflush = INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost = 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name = mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action = SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left = 50admin_space_left_action = haltdisk_full_action = SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port = 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports = 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal = auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
Best Regards,Fabio Sbano
[-- Attachment #1.2: Type: text/html, Size: 2474 bytes --]
[-- Attachment #2: Type: text/plain, Size: 102 bytes --]
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Auditd is not turning off the system on (RHEL7.+)
2020-10-14 16:51 ` Auditd is not turning off the system on (RHEL7.+) Fabio Sbano
@ 2020-10-14 17:12 ` Steve Grubb
2020-10-14 18:13 ` Fabio Sbano
0 siblings, 1 reply; 6+ messages in thread
From: Steve Grubb @ 2020-10-14 17:12 UTC (permalink / raw)
To: linux-audit
Hello,
On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> My /etc/audit/auditd.conf is configured as below but it is not turning off
> the system
>
> ## This file controls the configuration of the audit daemon#
> local_events = yeswrite_logs = yeslog_file =
> /var/log/audit/audit.loglog_group = rootlog_format = RAWflush =
> INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost =
> 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name =
> mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action =
> SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left =
> 50admin_space_left_action = haltdisk_full_action =
> SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port =
> 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports =
> 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal =
> auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
I believe this bz is relevant:
https://bugzilla.redhat.com/show_bug.cgi?id=1780332
If you update to the 7.9 release, it should work like it is supposed to.
Best Regards,
-Steve
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Auditd is not turning off the system on (RHEL7.+)
2020-10-14 17:12 ` Steve Grubb
@ 2020-10-14 18:13 ` Fabio Sbano
2020-10-14 18:20 ` Steve Grubb
0 siblings, 1 reply; 6+ messages in thread
From: Fabio Sbano @ 2020-10-14 18:13 UTC (permalink / raw)
To: sgrubb, Steve Grubb, linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 1396 bytes --]
I'm using 7.x with latest update :-(
Can i reopen the bug?
( I turned off selinux for the auditd to work the halt )
Best Regards,Fabio Sbano
Sent from Yahoo Mail on Android
On Wed, Oct 14, 2020 at 2:12 PM, Steve Grubb<sgrubb@redhat.com> wrote: Hello,
On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> My /etc/audit/auditd.conf is configured as below but it is not turning off
> the system
>
> ## This file controls the configuration of the audit daemon#
> local_events = yeswrite_logs = yeslog_file =
> /var/log/audit/audit.loglog_group = rootlog_format = RAWflush =
> INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost =
> 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name =
> mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action =
> SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left =
> 50admin_space_left_action = haltdisk_full_action =
> SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port =
> 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports =
> 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal =
> auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
I believe this bz is relevant:
https://bugzilla.redhat.com/show_bug.cgi?id=1780332
If you update to the 7.9 release, it should work like it is supposed to.
Best Regards,
-Steve
[-- Attachment #1.2: Type: text/html, Size: 3021 bytes --]
[-- Attachment #2: Type: text/plain, Size: 102 bytes --]
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Auditd is not turning off the system on (RHEL7.+)
2020-10-14 18:13 ` Fabio Sbano
@ 2020-10-14 18:20 ` Steve Grubb
2020-10-14 18:34 ` Fabio Sbano
0 siblings, 1 reply; 6+ messages in thread
From: Steve Grubb @ 2020-10-14 18:20 UTC (permalink / raw)
To: linux-audit, Fabio Sbano
On Wednesday, October 14, 2020 2:13:35 PM EDT Fabio Sbano wrote:
> I'm using 7.x with latest update :-(
> Can i reopen the bug?
Sure. I think you'd probably want to add your AVC to give a hint.
-Steve
> ( I turned off selinux for the auditd to work the halt )
> Best Regards,Fabio Sbano
>
> Sent from Yahoo Mail on Android
>
> On Wed, Oct 14, 2020 at 2:12 PM, Steve Grubb<sgrubb@redhat.com> wrote:
> Hello,
> On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> > My /etc/audit/auditd.conf is configured as below but it is not turning
> > off
> > the system
> >
> > ## This file controls the configuration of the audit daemon#
> > local_events = yeswrite_logs = yeslog_file =
> > /var/log/audit/audit.loglog_group = rootlog_format = RAWflush =
> > INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost =
> > 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name =
> > mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action =
> > SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left =
> > 50admin_space_left_action = haltdisk_full_action =
> > SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port =
> > 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports =
> > 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal =
> > auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
>
> I believe this bz is relevant:
> https://bugzilla.redhat.com/show_bug.cgi?id=1780332
>
> If you update to the 7.9 release, it should work like it is supposed to.
>
> Best Regards,
> -Steve
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Auditd is not turning off the system on (RHEL7.+)
2020-10-14 18:20 ` Steve Grubb
@ 2020-10-14 18:34 ` Fabio Sbano
2020-10-15 10:46 ` Fabio Sbano
0 siblings, 1 reply; 6+ messages in thread
From: Fabio Sbano @ 2020-10-14 18:34 UTC (permalink / raw)
To: sgrubb, Steve Grubb, linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 1821 bytes --]
Off Course,
I'll do it tonight
Regards,Fabio Sbano
Sent from Yahoo Mail on Android
On Wed, Oct 14, 2020 at 3:21 PM, Steve Grubb<sgrubb@redhat.com> wrote: On Wednesday, October 14, 2020 2:13:35 PM EDT Fabio Sbano wrote:
> I'm using 7.x with latest update :-(
> Can i reopen the bug?
Sure. I think you'd probably want to add your AVC to give a hint.
-Steve
> ( I turned off selinux for the auditd to work the halt )
> Best Regards,Fabio Sbano
>
> Sent from Yahoo Mail on Android
>
> On Wed, Oct 14, 2020 at 2:12 PM, Steve Grubb<sgrubb@redhat.com> wrote:
> Hello,
> On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> > My /etc/audit/auditd.conf is configured as below but it is not turning
> > off
> > the system
> >
> > ## This file controls the configuration of the audit daemon#
> > local_events = yeswrite_logs = yeslog_file =
> > /var/log/audit/audit.loglog_group = rootlog_format = RAWflush =
> > INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost =
> > 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name =
> > mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action =
> > SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left =
> > 50admin_space_left_action = haltdisk_full_action =
> > SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port =
> > 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports =
> > 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal =
> > auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
>
> I believe this bz is relevant:
> https://bugzilla.redhat.com/show_bug.cgi?id=1780332
>
> If you update to the 7.9 release, it should work like it is supposed to.
>
> Best Regards,
> -Steve
[-- Attachment #1.2: Type: text/html, Size: 3694 bytes --]
[-- Attachment #2: Type: text/plain, Size: 102 bytes --]
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Auditd is not turning off the system on (RHEL7.+)
2020-10-14 18:34 ` Fabio Sbano
@ 2020-10-15 10:46 ` Fabio Sbano
0 siblings, 0 replies; 6+ messages in thread
From: Fabio Sbano @ 2020-10-15 10:46 UTC (permalink / raw)
To: sgrubb, linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 2100 bytes --]
i am using redhat satellite and it was out of date with version 7.9I installed a new server with iso 7.9 and everything worked correctly
Sorry,Best Regards,Fabio Sbano
Em quarta-feira, 14 de outubro de 2020 15:34:30 BRT, Fabio Sbano <fsbano@yahoo.com> escreveu:
Off Course,
I'll do it tonight
Regards,Fabio Sbano
Sent from Yahoo Mail on Android
On Wed, Oct 14, 2020 at 3:21 PM, Steve Grubb<sgrubb@redhat.com> wrote: On Wednesday, October 14, 2020 2:13:35 PM EDT Fabio Sbano wrote:
> I'm using 7.x with latest update :-(
> Can i reopen the bug?
Sure. I think you'd probably want to add your AVC to give a hint.
-Steve
> ( I turned off selinux for the auditd to work the halt )
> Best Regards,Fabio Sbano
>
> Sent from Yahoo Mail on Android
>
> On Wed, Oct 14, 2020 at 2:12 PM, Steve Grubb<sgrubb@redhat.com> wrote:
> Hello,
> On Wednesday, October 14, 2020 12:51:44 PM EDT Fabio Sbano wrote:
> > My /etc/audit/auditd.conf is configured as below but it is not turning
> > off
> > the system
> >
> > ## This file controls the configuration of the audit daemon#
> > local_events = yeswrite_logs = yeslog_file =
> > /var/log/audit/audit.loglog_group = rootlog_format = RAWflush =
> > INCREMENTAL_ASYNCfreq = 50max_log_file = 8num_logs = 5priority_boost =
> > 4disp_qos = lossydispatcher = /sbin/audispdname_format = NONE##name =
> > mydomainmax_log_file_action = ROTATEspace_left = 75space_left_action =
> > SYSLOGverify_email = yesaction_mail_acct = rootadmin_space_left =
> > 50admin_space_left_action = haltdisk_full_action =
> > SUSPENDdisk_error_action = SUSPENDuse_libwrap = yes##tcp_listen_port =
> > 60tcp_listen_queue = 5tcp_max_per_addr = 1##tcp_client_ports =
> > 1024-65535tcp_client_max_idle = 0enable_krb5 = nokrb5_principal =
> > auditd##krb5_key_file = /etc/audit/audit.keydistribute_network = no
>
> I believe this bz is relevant:
> https://bugzilla.redhat.com/show_bug.cgi?id=1780332
>
> If you update to the 7.9 release, it should work like it is supposed to.
>
> Best Regards,
> -Steve
[-- Attachment #1.2: Type: text/html, Size: 5146 bytes --]
[-- Attachment #2: Type: text/plain, Size: 102 bytes --]
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-10-15 10:46 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <1025996531.618266.1602694304884.ref@mail.yahoo.com>
2020-10-14 16:51 ` Auditd is not turning off the system on (RHEL7.+) Fabio Sbano
2020-10-14 17:12 ` Steve Grubb
2020-10-14 18:13 ` Fabio Sbano
2020-10-14 18:20 ` Steve Grubb
2020-10-14 18:34 ` Fabio Sbano
2020-10-15 10:46 ` Fabio Sbano
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).