augenrules[6706]: failure 2 in /var/log/message in red highlight
by warron.french
Hello to all, it has been some time since I have needed to source the
wisdom of this list.
I need help on the following:
I have had to clean up audit rules to get the entire set to load and
observe the results in /var/log/messages.
I get all of the rules to load, presently using a single rule-file
(UDG.rules). The last line of the file has the "-e 2" and has been
rebooted a couple of times. As a result I can determine using auditctl -s
that I observe: "enabled 1" but that's not the problem.
More information. I get all of the other "-a" and "-w" rules to load
successfully now. The quantity of "-a" and "-w" rules loaded equals my
expectations based on executing "auditctl -l | wc -l" and comparing to
the value returned using this shell command: egrep -vc "^$|^#|^ |-e"
UDG.rules
Here is where the problem is observed. I review the results in
/var/log/messages and I see the following:
<date> <time-of-day> <hostname> augenrules[6706]: failure 2
with "failure 2" highlighted in red.
I am using vim to read the /var/log/messages file, to offer extra
information.
Anyway, is this indicating a problem still? If I remember correctly from
man years ago... this is not. I do not want to rely on memory.
Please help,
--------------------------
Warron French
2 weeks, 2 days
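An added example, not code from either post: a POSIX shell script that reads the status lines augenrules writes to syslog after a load and applies the rule-counting filter from the post above to a rules file. It assumes those status fields are the ones auditctl -s prints, so "failure N" is the kernel failure flag set with auditctl -f (0 silent, 1 printk, 2 panic) rather than an error count; the log excerpt, the rules file and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the list posts. augenrules logs the auditctl -s
# fields after loading; "failure N" is the flag set with "auditctl -f N".

# Constructed syslog excerpt standing in for /var/log/messages (host, pid, times invented).
SAMPLE_LOG='Mar  3 10:15:02 host1 augenrules[6706]: enabled 1
Mar  3 10:15:02 host1 augenrules[6706]: failure 2
Mar  3 10:15:02 host1 augenrules[6706]: pid 1189
Mar  3 10:15:02 host1 augenrules[6706]: backlog_limit 8192
Mar  3 10:15:02 host1 augenrules[6706]: lost 0'

# Constructed rules file with the same shape as the UDG.rules described in the post.
SAMPLE_RULES='# example rules
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity

-a always,exit -F arch=b64 -S execve -k exec
  # indented comment, skipped by the filter
-e 2'

# audit_status_value KEY : value of the last "augenrules[pid]: KEY N" line; fails if absent
audit_status_value() {
    printf '%s\n' "$SAMPLE_LOG" | awk -v key="$1" '
        /augenrules\[[0-9]+\]: / && $(NF-1) == key { val = $NF }
        END { if (val == "") exit 1; print val }'
}

# failure_mode N : the name auditctl -f gives to the failure flag value
failure_mode() {
    case "$1" in
        0) echo silent ;;   # drop audit failures quietly
        1) echo printk ;;   # report them through the kernel log (the default)
        2) echo panic ;;    # panic the kernel on an audit failure
        *) echo unknown; return 1 ;;
    esac
}

# count_rules : the post's filter; blank, comment, indented and "-e" lines excluded.
# Note the "-e" alternative matches anywhere on a line, e.g. inside a key like "user-edit".
count_rules() {
    printf '%s\n' "$SAMPLE_RULES" | grep -Evc '^$|^#|^ |-e'
}

echo "enabled: $(audit_status_value enabled)"
echo "failure flag: $(audit_status_value failure) ($(failure_mode "$(audit_status_value failure)"))"
echo "rules in file: $(count_rules)"
```

The same filter would also count control lines such as -D or -b, which auditctl -l does not list, so keep those out of the comparison or subtract them.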
audit-4.1.3 released
by Steve Grubb
Hello,
We just released a new version of the audit package. It can be downloaded
from:
https://github.com/linux-audit/audit-userspace/releases/
The ChangeLog is:
- Reduce memory churn in the af_unix plugin
- Add --with-asan to enable ASAN for unit tests
- Code cleanups
- Improve auplugin_fgets performance
- Update syscalls and io_uring tables for the 6.19 kernel
- Fix python bindings to correctly handle passing file objects to auparse_init
There are two things to highlight in this release. The first is that there should
be a significant performance improvement in the plugins. They should be more
efficient in processing events. The auplugin_fgets functions weren't
effectively using their buffer and went back to a read syscall even when they
had the next record in memory. That is fixed and plugins using auplugin_fgets
should be faster.
The other thing is that over last summer, the audit project moved at an
unprecedented rate of change. Since September the focus has been on
stabilizing all that change. I have used every static analysis program I can
get my hands on to look for issues. Nothing found was a serious problem. But
on error paths there were quite a few cleanups. If you measure the project by
findings from static analysis, you should be happier with the scan results.
Gcc 16 has new features and this update fixes the many const problems reported
by the new compiler.
So, my message about this release is that this really is the cleanup from all
the change. There are no plans in the near term roadmap that would have the
amount of change we saw last year.
If you notice any problems with this release, please let us know.
SHA256: 866a659c91746ee4436fa6f99d4f80768fc1a3aa92e6ec2081e353fcfc79589f
-Steve
2 weeks, 5 days