Find the answer to your Linux question:
Page 1 of 3 1 2 3 LastLast
Results 1 to 10 of 23
It was working all fine. But I deleted all the thing in the /var/log dierectory.Now auditd won't start. The log file /var/log/messages says auditd:cannot access /var/log/auditd :Permission denied I replaced ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2006
    Location
    Kerala,India
    Posts
    31

    Unhappy cannot connect by dialup


    It was working all fine. But I deleted all the thing in the /var/log dierectory.Now auditd won't start. The log file /var/log/messages says
    auditd:cannot access /var/log/auditd :Permission denied
    I replaced all the files from trash, but it didn't do
    I also changed the log file to /tmp/auditd.log from /etc/auditd.conf, but it also says "permission denied". Now I can't establish a connection. pppd exists with error 19.It says "cannot authenticize to peers". Does this have anything to do with auditd?




    Will I have to reinstall Fedora Core 4?
    I am sure that you can answer me. I am afraid of reinstalling because all my downloaded programs will be lost.


    Please Help me.

  2. #2
    Linux User
    Join Date
    Aug 2006
    Location
    Croydon, PA
    Posts
    392
    You problably have to set the permissions pm the file.

    drwxr-x--- 2 root root 4096 Nov 19 2005 audit

    commands will be:

    chown root:root audit
    chmod 750 audit

    Do this in the /var/log directory as root.

  3. #3
    Just Joined!
    Join Date
    Jul 2006
    Location
    Kerala,India
    Posts
    31

    Sorry It didn't work

    I did what you said, but auditd continues to fail

  4. $spacer_open
    $spacer_close
  5. #4
    Linux User
    Join Date
    Aug 2006
    Location
    Croydon, PA
    Posts
    392
    Try this as root:

    service auditd restart

  6. #5
    Just Joined!
    Join Date
    Jul 2006
    Location
    Kerala,India
    Posts
    31

    It also failed

    Sorry, but it also failed
    When I typed in, the result was
    stopping auditd [FAILED]
    starting auditd [FAILED]


    Here are the log messages from /var/log/messages. I hope they will help




    Aug 28 21:45:22 localhost kernel: audit(1156781722.177:: avc: denied { read } for pid=2449 comm="auditd" name=audit dev=dm-0 ino=949262 scontext=root:system_r:auditd_t tcontext=system_u:object_r:var_log_t tclass=dir
    Aug 28 21:45:22 localhost auditd: Could not open dir /var/log/audit (Permission denied)
    Aug 28 21:45:22 localhost auditd: The audit daemon is exiting.

    Aug 28 21:45:22 localhost kernel: audit(1156781722.592:9): audit_backlog_limit=256 old=256 by auid=4294967295

    Aug 28 21:45:32 localhost kernel: audit(1156781732.487:10): avc: denied { read } for pid=2469 comm="auditd" name=audit dev=dm-0 ino=949262 scontext=root:system_r:auditd_t tcontext=system_u:object_r:var_log_t tclass=dir

    Aug 28 21:45:32 localhost auditd: Could not open dir /var/log/audit (Permission denied)

    Aug 28 21:45:32 localhost auditd: The audit daemon is exiting.
    Aug 28 21:45:32 localhost kernel: audit(1156781732.901:11): audit_backlog_limit=256 old=256 by auid=4294967295

    Aug 28 21:46:08 localhost kernel: audit(1156781768.698:12): avc: denied { read } for pid=2494 comm="auditd" name=audit dev=dm-0 ino=949262 scontext=root:system_r:auditd_t tcontext=system_u:object_r:var_log_t tclass=dir
    Aug 28 21:46:08 localhost auditd: Could not open dir /var/log/audit (Permission denied)

    Aug 28 21:46:08 localhost auditd: The audit daemon is exiting.
    Aug 28 21:46:09 localhost kernel: audit(1156781769.128:13): audit_backlog_limit=256 old=256 by auid=4294967295





    Now I am thinking of reinstalling the system or upgrade it to FC5

  7. #6
    Linux User
    Join Date
    Aug 2006
    Location
    Croydon, PA
    Posts
    392
    An upgrade to FC5 will only let the condition continue.
    Reinstall? Well that is up to you, but this is what is fun, troubleshooting!!
    Remember from now on make backup copies of file you are going to delete, till you know you are ok.

    Anyway, you stated earilier: "I also changed the log file to /tmp/auditd.log from /etc/auditd.conf, but it also says "permission denied".", why?
    Did you change it back?
    are you sure you arein as "root", did you su to it this way:

    su -
    that is <su><space><dash><space><return key>

    I only say that becase you should not be getting all these permissions denied.
    Also do a,
    ps -elf|grep auditd
    and show the output from it.

  8. #7
    Just Joined!
    Join Date
    Jul 2006
    Location
    Kerala,India
    Posts
    31

    I ran as root

    I ran the commands as root. I logged in as root. I apreciate your sprit for troubleshooting. I am currently running Windows. Please stay online while I restart and get the output. We can continue this like a chat if you like

  9. #8
    Just Joined!
    Join Date
    Jul 2006
    Location
    Kerala,India
    Posts
    31

    Log file

    I had changed the log file and it is currently /var/log/audit/atditd.log

  10. #9
    Linux User
    Join Date
    Aug 2006
    Location
    Croydon, PA
    Posts
    392
    I home sick so it is not a problem.

  11. #10
    Just Joined!
    Join Date
    Jul 2006
    Location
    Kerala,India
    Posts
    31

    Output of ps -elf | grep auditd

    Here is the output of the command you gave me






    1 S root 1644 6 0 71 -5 - 0 kaudit 22:56 ? 00:00:00 [kauditd]

    0 R root 2424 2378 0 76 0 - 939 - 22:58 pts/1 00:00:00 grep auditd



    Hope that helps

Page 1 of 3 1 2 3 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •