* auditctl -1 User ID
@ 2009-02-18 17:16 Dan Gruhn
2009-02-18 17:30 ` Steve Grubb
0 siblings, 1 reply; 3+ messages in thread
From: Dan Gruhn @ 2009-02-18 17:16 UTC (permalink / raw)
To: linux-audit
I'm getting an auditctl startup SELinux violation that is showing up
with a user ID of -1 (4294967295 in my case). I can fix the violation,
but before I do I thought I saw something a while back about setting a
parameter or defining a variable on power-up so that one didn't get the
-1 for something that came up in the wrong order.
I've search blog.gmane.org/gmane.linux.redhat.security.audit and can't
seem to find it. Am I all wet or can someone help me with this?
Thanks,
Dan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: auditctl -1 User ID
2009-02-18 17:16 auditctl -1 User ID Dan Gruhn
@ 2009-02-18 17:30 ` Steve Grubb
2009-02-18 21:24 ` Dan Gruhn
0 siblings, 1 reply; 3+ messages in thread
From: Steve Grubb @ 2009-02-18 17:30 UTC (permalink / raw)
To: linux-audit
On Wednesday 18 February 2009 12:16:14 pm Dan Gruhn wrote:
> I'm getting an auditctl startup SELinux violation that is showing up
> with a user ID of -1 (4294967295 in my case).
-1 means that the command was run by something that was not initiated by a
login. IOW, probably initscripts.
> I can fix the violation, but before I do I thought I saw something a while
> back about setting a parameter or defining a variable on power-up so that
> one didn't get the -1 for something that came up in the wrong order.
There is nothing that fixes that. This is just a statement of fact. The error
originated from a non-login path. What you might be remembering is that you
should put a audit=1 in the boot params of the kernel. This is so that you
don't have any unauditable processes.
-Steve
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: auditctl -1 User ID
2009-02-18 17:30 ` Steve Grubb
@ 2009-02-18 21:24 ` Dan Gruhn
0 siblings, 0 replies; 3+ messages in thread
From: Dan Gruhn @ 2009-02-18 21:24 UTC (permalink / raw)
Cc: linux-audit
Thanks Steve.
Steve Grubb wrote:
> On Wednesday 18 February 2009 12:16:14 pm Dan Gruhn wrote:
>
>> I'm getting an auditctl startup SELinux violation that is showing up
>> with a user ID of -1 (4294967295 in my case).
>>
>
> -1 means that the command was run by something that was not initiated by a
> login. IOW, probably initscripts.
>
>
>
>> I can fix the violation, but before I do I thought I saw something a while
>> back about setting a parameter or defining a variable on power-up so that
>> one didn't get the -1 for something that came up in the wrong order.
>>
>
> There is nothing that fixes that. This is just a statement of fact. The error
> originated from a non-login path. What you might be remembering is that you
> should put a audit=1 in the boot params of the kernel. This is so that you
> don't have any unauditable processes.
>
> -Steve
>
--
Dan Gruhn
Group W Inc.
8315 Lee Hwy, Suite 303
Fairfax, VA, 22031
PH: (703) 752-5831
FX: (703) 752-5851
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-02-18 21:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-02-18 17:16 auditctl -1 User ID Dan Gruhn
2009-02-18 17:30 ` Steve Grubb
2009-02-18 21:24 ` Dan Gruhn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox