English | Vietnamese
 

banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register   [Login] Loginhttp  | https  ]
 
Forum Index Thảo luận hệ điều hành *nix auditd start failed  XML
  [Question]   auditd start failed 01/07/2010 12:20:31 (+0700) | #1 | 214400
[Avatar]
 dexxa
Member
[Minus]    0    [Plus]
Joined: 01/07/2006 20:35:01
Messages: 121
Offline
[Profile] [PM]
Hi all

Em cài auditd để theo dõi việc read - write các file , folder của hệ thống . Máy em chạy centOS 5 x86_64

Code:
yum install audit.x86_64


Chmod cho Chown cho file /var/log/audit/audit.log

Code:
chown root:root audit.log

Code:
chmod -R /var/log/audit


Start lên thì bị lỗi
Code:
Jul  1 13:22:00 server01 auditd[21901]: [b]Unable to set audit pid, exiting[/b]
Jul  1 13:22:00 server01 auditd[21901]: The audit daemon is exiting.
Jul  1 13:22:00 server01 auditd: Cannot daemonize (Success)
Jul  1 13:22:00 server01 auditd: The audit daemon is exiting.


Em phải giải quyết thế nào ạ
Cám ơn mọi người
[Up] [Print Copy]
  [Question]   auditd start failed 01/07/2010 12:32:59 (+0700) | #2 | 214401
[Avatar]
 conmale
Administrator
Joined: 07/05/2004 23:43:15
Messages: 9353
Location: down under
Offline
[Profile] [PM]
chmod -R /var/log/audit có nghĩa là sao?

Unable to set audit pid, exiting ----> auditd chạy bằng account nào?
What bringing us together is stronger than what pulling us apart.
[Up] [Print Copy]
  [Question]   auditd start failed 01/07/2010 12:54:35 (+0700) | #3 | 214404
[Avatar]
 dexxa
Member
[Minus]    0    [Plus]
Joined: 01/07/2006 20:35:01
Messages: 121
Offline
[Profile] [PM]
Sorry cháu nhầm . Cháu định gõ là

chmod -R 600 /var/log//audit

Tất cả cháu đều thực hiện = account root
[Up] [Print Copy]
  [Question]   auditd start failed 01/07/2010 13:10:26 (+0700) | #4 | 214405
[Avatar]
 conmale
Administrator
Joined: 07/05/2004 23:43:15
Messages: 9353
Location: down under
Offline
[Profile] [PM]

dexxa wrote:
Sorry cháu nhầm . Cháu định gõ là

chmod -R 600 /var/log//audit

Tất cả cháu đều thực hiện = account root 


Bồ thử start auditd lên một lần nữa vào coi trong /var/log/messages ngay thời điểm đó nó báo cái gì. Post chi tiết đó lên đây nha.
What bringing us together is stronger than what pulling us apart.
[Up] [Print Copy]
  [Question]   auditd start failed 01/07/2010 14:05:49 (+0700) | #5 | 214408
[Avatar]
 dexxa
Member
[Minus]    0    [Plus]
Joined: 01/07/2006 20:35:01
Messages: 121
Offline
[Profile] [PM]
Code:
Jul  1 15:12:40 server01 auditd[7911]: Started dispatcher: /sbin/audispd pid: 7913
Jul  1 15:12:41 server01 audispd: af_unix plugin initialized
Jul  1 15:12:41 server01 audispd: audispd initialized with q_depth=80 and 1 active plugins
Jul  1 15:12:41 server01 auditd[7911]: Unable to set audit pid, exiting
Jul  1 15:12:42 server01 auditd[7911]: The audit daemon is exiting.
Jul  1 15:12:42 server01 auditd: Cannot daemonize (Success)
Jul  1 15:12:42 server01 auditd: The audit daemon is exiting.


Đây ạ
[Up] [Print Copy]
  [Question]   auditd start failed 01/07/2010 14:14:48 (+0700) | #6 | 214409
[Avatar]
 conmale
Administrator
Joined: 07/05/2004 23:43:15
Messages: 9353
Location: down under
Offline
[Profile] [PM]

dexxa wrote:
Code:
Jul  1 15:12:40 server01 auditd[7911]: Started dispatcher: /sbin/audispd pid: 7913
Jul  1 15:12:41 server01 audispd: af_unix plugin initialized
Jul  1 15:12:41 server01 audispd: audispd initialized with q_depth=80 and 1 active plugins
Jul  1 15:12:41 server01 auditd[7911]: Unable to set audit pid, exiting
Jul  1 15:12:42 server01 auditd[7911]: The audit daemon is exiting.
Jul  1 15:12:42 server01 auditd: Cannot daemonize (Success)
Jul  1 15:12:42 server01 auditd: The audit daemon is exiting.


Đây ạ  


Hừm... không có thêm thông tin nào khác. Thử disable linuxSE trên máy rồi start auditd lại xem sao?
What bringing us together is stronger than what pulling us apart.
[Up] [Print Copy]
  [Question]   auditd start failed 01/07/2010 21:08:52 (+0700) | #7 | 214429
[Avatar]
 dexxa
Member
[Minus]    0    [Plus]
Joined: 01/07/2006 20:35:01
Messages: 121
Offline
[Profile] [PM]
Cháu disable rồi mà vẫn không đc smilie
[Up] [Print Copy]
  [Question]   auditd start failed 02/07/2010 04:44:21 (+0700) | #8 | 214444
[Avatar]
 conmale
Administrator
Joined: 07/05/2004 23:43:15
Messages: 9353
Location: down under
Offline
[Profile] [PM]

dexxa wrote:
Cháu disable rồi mà vẫn không đc smilie  


Bồ cho biết thêm, Centos đang chạy kernel phiên bản mấy và audit đang chạy phiên bản mấy.
What bringing us together is stronger than what pulling us apart.
[Up] [Print Copy]
  [Question]   auditd start failed 02/07/2010 07:12:46 (+0700) | #9 | 214450
[Avatar]
 dexxa
Member
[Minus]    0    [Plus]
Joined: 01/07/2006 20:35:01
Messages: 121
Offline
[Profile] [PM]
# cat /proc/version
Linux version 2.6.18-164.11.1.el5.028stab068.5 (root@rhel5-build-x64) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Mon Mar 15 19:26:36 MSK 2010

# yum install audit.x86_64 : User space tools for 2.6 kernel auditing

Đây chú ạ.
[Up] [Print Copy]
  [Question]   auditd start failed 02/07/2010 07:28:06 (+0700) | #10 | 214451
[Avatar]
 quanta
Moderator
Joined: 28/07/2006 14:44:21
Messages: 7265
Location: $ locate `whoami`
Offline
[Profile] [PM]
grep -i audit /usr/src/linux/.config?
Let's build on a great foundation!
[Up] [Print Copy]
  [Question]   auditd start failed 02/07/2010 07:45:32 (+0700) | #11 | 214452
[Avatar]
 dexxa
Member
[Minus]    0    [Plus]
Joined: 01/07/2006 20:35:01
Messages: 121
Offline
[Profile] [PM]
Trong máy em không có đường dẫn ấy anh quanta ạ.
Code:
cd /usr/src/; ls

debug/ kernels/ redhat/ rpm-build/
[Up] [Print Copy]
  [Question]   auditd start failed 02/07/2010 07:54:58 (+0700) | #12 | 214456
[Avatar]
 quanta
Moderator
Joined: 28/07/2006 14:44:21
Messages: 7265
Location: $ locate `whoami`
Offline
[Profile] [PM]

dexxa wrote:
Trong máy em không có đường dẫn ấy anh quanta ạ.
Code:
cd /usr/src/; ls

debug/ kernels/ redhat/ rpm-build/
 

Mình quên mất là bạn đang dùng CentOS:
Code:
# grep -i audit /usr/src/kernels/`uname -r`-`uname -p`/.config
Let's build on a great foundation!
[Up] [Print Copy]
  [Question]   auditd start failed 02/07/2010 08:28:33 (+0700) | #13 | 214462
[Avatar]
 conmale
Administrator
Joined: 07/05/2004 23:43:15
Messages: 9353
Location: down under
Offline
[Profile] [PM]

dexxa wrote:
# cat /proc/version
Linux version 2.6.18-164.11.1.el5.028stab068.5 (root@rhel5-build-x64) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Mon Mar 15 19:26:36 MSK 2010

# yum install audit.x86_64 : User space tools for 2.6 kernel auditing

Đây chú ạ.  


Thử rpm -q audit xem nó báo phiên bản của audit là mấy?
What bringing us together is stronger than what pulling us apart.
[Up] [Print Copy]
  [Question]   auditd start failed 02/07/2010 10:47:25 (+0700) | #14 | 214501
[Avatar]
 dexxa
Member
[Minus]    0    [Plus]
Joined: 01/07/2006 20:35:01
Messages: 121
Offline
[Profile] [PM]
Đây ạ . Version 1.7
audit-libs-1.7.17-3.el5
audit-libs-1.7.17-3.el5
audit-libs-devel-1.7.17-3.el5
audit-libs-python-1.7.17-3.el5
audit-1.7.17-3.el5

Cháu tìm ra rồi . Cái này gói librequire phải là glibc-kernheaders>=3.0.

Đã yum update để cập nhật toàn bộ. Cháu nghĩ sau phát này thằng audit sẽ chạy tốt thôi

Cám ơn anh quanta & chú male
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|