From mboxrd@z Thu Jan  1 00:00:00 1970
From: Robert Evans <bob.evans@jhuapl.edu>
Subject: Confused about audit=1 in grub.conf
Date: Thu, 28 Oct 2010 15:40:58 -0400
Message-ID: <4CC9D1CA.3050802@jhuapl.edu>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1531204813555223907=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx08.extmail.prod.ext.phx2.redhat.com
	[10.5.110.12])
	by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id o9SJfG2Z032725
	for <linux-audit@redhat.com>; Thu, 28 Oct 2010 15:41:16 -0400
Received: from jhuapl.edu (piper.jhuapl.edu [128.244.251.37])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o9SJf0GU004341
	for <linux-audit@redhat.com>; Thu, 28 Oct 2010 15:41:01 -0400
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

--===============1531204813555223907==
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#ffffff">
Hi,<br>
<br>
I did some research and am confused about starting the audit daemon at
boot time, so that you don't get auid's of 4294967295.<br>
<br>
In RHEL 5.5, my grub.conf looks like this:<br>
<br>
<blockquote>audit=1<br>
# grub.conf generated by anaconda<br>
#<br>
# Note that you do not have to rerun grub after making changes to this
file<br>
# NOTICE:&nbsp; You have a /boot partition.&nbsp; This means that<br>
#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; all kernel and initrd paths are relative to /boot/, eg.<br>
#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; root (hd0,0)<br>
#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; kernel /vmlinuz-version ro root=/dev/sda4<br>
#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; initrd /initrd-version.img<br>
#boot=/dev/sda<br>
default=0<br>
timeout=5<br>
splashimage=(hd0,0)/grub/splash.xpm.gz<br>
hiddenmenu<br>
title Red Hat Enterprise Linux Server (2.6.18-194.el5)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; root (hd0,0)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; kernel /vmlinuz-2.6.18-194.el5 ro root=LABEL=/ rhgb quiet<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; initrd /initrd-2.6.18-194.el5.img<br>
</blockquote>
<br>
audit=1 is the first line, so why am I still getting the 4294967295
auid's?<br>
<br>
Thanks<br>
<br>
</body>
</html>


--===============1531204813555223907==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============1531204813555223907==--