From mboxrd@z Thu Jan  1 00:00:00 1970
From: Burn Alting <burn@swtf.dyndns.org>
Subject: Re: Failure flag "0" doesn't work
Date: Thu, 20 Aug 2015 19:39:34 +1000
Message-ID: <1440063574.3479.2.camel@swtf.swtf.dyndns.org>
References: <CAJeTBw8Kc-+hJvRpwdjprUWi8PY-dqdSToY_MY=SBNRYY+PCZA@mail.gmail.com>
Reply-To: burn@swtf.dyndns.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx03.extmail.prod.ext.phx2.redhat.com
	[10.5.110.27])
	by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id t7K9diqQ030287
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO)
	for <linux-audit@redhat.com>; Thu, 20 Aug 2015 05:39:44 -0400
Received: from swtf.swtf.dyndns.org (203-219-87-38.static.tpgi.com.au
	[203.219.87.38]) by mx1.redhat.com (Postfix) with ESMTP id 88D698CF58
	for <linux-audit@redhat.com>; Thu, 20 Aug 2015 09:39:42 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by swtf.swtf.dyndns.org (Postfix) with ESMTP id 2AE4030543FA6
	for <linux-audit@redhat.com>; Thu, 20 Aug 2015 19:39:40 +1000 (AEST)
Received: from swtf.swtf.dyndns.org ([127.0.0.1])
	by localhost (gateway.swtf.dyndns.org [127.0.0.1]) (amavisd-new,
	port 10024) with ESMTP id 9uJnq9khbQzk for <linux-audit@redhat.com>;
	Thu, 20 Aug 2015 19:39:35 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by swtf.swtf.dyndns.org (Postfix) with ESMTP id 6831A30543FA9
	for <linux-audit@redhat.com>; Thu, 20 Aug 2015 19:39:35 +1000 (AEST)
In-Reply-To: <CAJeTBw8Kc-+hJvRpwdjprUWi8PY-dqdSToY_MY=SBNRYY+PCZA@mail.gmail.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Alex Beljanski <alex.barut@gmail.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Alex,

Can you provide a little more detail?

Perhaps your /etc/audit/auditd.conf, /etc/audit/rules.d/*, your test
case, the expected outcome and the outcome you actually get.

Regards

On Thu, 2015-08-20 at 11:09 +0300, Alex Beljanski wrote:
> Hi!
> 
> 
> We have problem in CentOS 7 with auditd.
> 
> For our servers we set failure flag 0, but kernel write messages and
> we see them in dmesg.
> 
> uname -a
> Linux 3.10.0-229.11.1.el7.x86_64 #1 SMP Thu Aug 6 01:06:18 UTC 2015
> x86_64 x86_64 x86_64 GNU/Linux
> 
> # rpm -qa | grep audit
> audit-2.4.1-5.el7.x86_64
> 
> 
> Why this doesn't work?
> 
> 
> 
> 
> 
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit