From: "Bob Beck" <beck@assurtech.com>
To: linux-audit@redhat.com
Subject: Can auditd run in lxc on centos7
Date: Thu, 5 Apr 2018 12:26:15 -0400
Message-ID: <002a01d3ccfa$d247fda0$76d7f8e0$@assurtech.com>



Hi,

I am attempting to run auditd in centos7 inside a lxc container.

Here is the log I get when I run auditd -f:

Config file /etc/audit/auditd.conf opened for parsing
log_file_parser called with: /var/log/audit.log
log_format_parser called with: RAW
log_group_parser called with: root
priority_boost_parser called with: 4
flush_parser called with: INCREMENTAL
freq_parser called with: 20
num_logs_parser called with: 5
qos_parser called with: lossy
dispatch_parser called with: /usr/sbin/audispd
name_format_parser called with: NONE
max_log_size_parser called with: 6
max_log_size_action_parser called with: ROTATE
space_left_parser called with: 75
space_action_parser called with: SYSLOG
action_mail_acct_parser called with: root
admin_space_left_parser called with: 50
admin_space_left_action_parser called with: SUSPEND
disk_full_action_parser called with: SUSPEND
disk_error_action_parser called with: SUSPEND
tcp_listen_queue_parser called with: 5
tcp_max_per_addr_parser called with: 1
tcp_client_max_idle_parser called with: 0
enable_krb5_parser called with: no
GSSAPI support is not enabled, ignoring value at line 30
krb5_principal_parser called with: auditd
GSSAPI support is not enabled, ignoring value at line 31
Started dispatcher: /usr/sbin/audispd pid: 3028
type=DAEMON_START msg=audit(1522944040.042:592): op=start ver=2.8.4 format=raw kernel=3.10.0-693.17.1.el7.centos.plus.i686 auid=4294967295 pid=3026 uid=0 ses=4294967295 subj=system_u:system_r:init_t res=success
config_manager init complete
Error sending status request (Connection refused)
Error sending enable request (Connection refused)
type=DAEMON_ABORT msg=audit(1522944040.043:593): op=set-enable auid=4294967295 pid=3026 uid=0 ses=4294967295 subj=system_u:system_r:init_t res=failed
Unable to set initial audit startup state to 'enable', exiting
The audit daemon is exiting.
Error setting audit daemon pid (Connection refused)

