On Wednesday 13 June 2007 11:46:34 Paul Whitney wrote:
> Can someone please tell me if the audit flag option "-f" is set to 2 if the
> system will shut down, freeze or provide some warning that auditing has
> stopped?
The -f 2 option controls how the *kernel* will react when it meets a failure
condition of some kind. The audit daemon itself takes care of problems like
being out of disk space. You can configure it to warn you that it's getting
low on disk space with the space_left_action and admin_space_left_action.
What to do when completely out of disk space is set by the disk_full_action.
This is in the auditd.conf man page along with other tips in the NOTES
section.
> I am trying to get RHEL 4 U4 certified and am having to prove that the
> system will "crash" once audit partition is full and auditing stops.
It will. This was tested for CAPP.
-Steve
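
An added example, not part of the original message or of the audit project's code: a small checker that reads the two places discussed above, the kernel `-f` flag in audit.rules and the disk-space actions in auditd.conf, and lists what would let the system keep running unaudited. The sample files are constructed, and the policy (`-f 2`, a warning action that is not `ignore`, and `disk_full_action` of `single` or `halt`) is this example's assumption about what "fail-stop" should mean.

```python
import re

# Constructed sample files (not taken from the thread).
WEAK_CONF = """\
space_left = 75
space_left_action = ignore
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = suspend
"""
STRICT_CONF = """\
space_left = 75
space_left_action = email
admin_space_left = 50
admin_space_left_action = single
disk_full_action = halt
"""
WEAK_RULES = "-D\n-b 256\n-f 1\n"
STRICT_RULES = "-D\n-b 256\n-f 2\n"

def parse_auditd_conf(text):
    """Parse 'key = value' lines; keep the first word of each value, lower-cased."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            words = value.split()
            conf[key.strip().lower()] = words[0].lower() if words else ""
    return conf

def kernel_failure_flag(rules_text):
    """Return the value of the last '-f N' line in audit.rules, or None if absent."""
    found = re.findall(r"^\s*-f\s+([012])\s*$", rules_text, re.MULTILINE)
    return int(found[-1]) if found else None

def audit_fail_stop_findings(conf_text, rules_text):
    """List settings that would let the system keep running without auditing."""
    conf, findings = parse_auditd_conf(conf_text), []
    if kernel_failure_flag(rules_text) != 2:   # 2 = kernel panics on audit failure
        findings.append("audit.rules: -f is not 2")
    for key in ("space_left_action", "admin_space_left_action"):
        if conf.get(key) in (None, "ignore"):  # assumed policy: some warning required
            findings.append(key + " is unset or ignore")
    if conf.get("disk_full_action") not in ("single", "halt"):
        findings.append("disk_full_action does not stop the system")
    return findings
```
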