I have a Red Hat Enterprise Linux 4 Update 1 based system running
a 2.6.13-2smp kernel with audit-1.0.3-6.EL4 and audit-libs-1.0.3-6.EL4
installed.
The problem is that when I start auditd I get this error:
[root@cmsstor02 etc]# /etc/init.d/auditd start
Starting auditd: [ OK ]
Error receiving watch list (Invalid argument)
There was an error in line 5 of /etc/audit.rules
auditd actually starts, but I am concerned that the -D
option (which is what is on line 5 of /etc/audit.rules)
is not being recognized or honored.
I see that newer versions of the audit rpm may have fixed this:
"* Thu May 26 2005 Steve Grubb <sgrubb(a)redhat.com> 0.9-1
- Translate numeric info to human readable for ausearch output
- add '-if' option to ausearch to select input file
- add '-c' option to ausearch to allow searching by comm field
- init script now deletes all rules when daemon stops
- Make auditctl display perms correctly in watch listings
*** - Make auditctl -D remove all watches"
but I do not have the glibc-kernheaders needed. Mine
are glibc-kernheaders-2.4-9.1.87 and audit-1.0.1201 needs
glibc-kernheaders>=2.4-9.1.95.
First - is this error I see really a problem?
Second: Is the fix above really a fix for the problem I am seeing?
If so, is there any other way to get it fixed?
If not, what is the fix?
Thanks in advance for any help that is provided.
lisa
--
Lisa Giacchetti
Fermilab Computing Division
USCMS Tier1 Facility Support
lisa at fnal dot gov | 1-630-840-8023