Re: audit 1.2.2 released
I tried 1.0.14. It compiles without any problem. But after I ran
"./auditd", I got the following error messages in /var/log/messages:
--------- ERROR MSGS -----------------------------------
May 22 15:35:03 shanghai auditd[16985]: Error sending failure mode
request (Connection refused)
May 22 15:35:03 shanghai auditd[16985]: Unable to set audit pid, exiting
May 22 15:35:03 shanghai auditd[16985]: The audit daemon is exiting.
May 22 15:35:03 shanghai auditd[16985]: Error sending failure mode
request (Connection refused)
May 22 15:35:03 shanghai auditd: Cannot daemonize (No child processes)
May 22 15:35:03 shanghai auditd: The audit daemon is exiting.
What's wrong with it? I am using FC4, but the kernel is 2.6.12 with xen support.
Thanks in advance!
Xin
On 5/22/06, Steve Grubb <sgrubb(a)redhat.com> wrote:
On Monday 22 May 2006 15:15, Xin Zhao wrote:
> Is it possible to make auditd compilable to vanilla kernel 2.6.12?
> That makes auditd easier to use.
You should be able to use audit-1.0.14 with that kernel. The only issue you
may run into is kernel headers for linux/audit.h. But it should work.
Auditing was not really stable, though, until the 2.6.14 kernel.
-Steve