From mboxrd@z Thu Jan  1 00:00:00 1970
From: Kangkook Jee <aixer77@gmail.com>
Subject: Re: Running auditd from  Raspberry Pi (Raspbian)
Date: Mon, 26 Oct 2015 17:18:12 -0400
Message-ID: <75B9BC31-3878-4739-8F47-369C4FD5FFA5@gmail.com>
References: <E4233D65-A74A-4AE0-819C-BE1863408B26@gmail.com>
	<1761781.EmJWtSeSBl@x2>
	<7941F2ED-39A0-45E7-815D-5F46CD859579@gmail.com>
	<2580157.z3kgxFZchv@x2>
	<079DE06B-6E74-486D-8031-847A378DACF8@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Content-Type: multipart/mixed; boundary="===============4062630959849005080=="
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <079DE06B-6E74-486D-8031-847A378DACF8@gmail.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb <sgrubb@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com


--===============4062630959849005080==
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_6EA38B20-B6A4-43A4-949F-C485F0DD2B7D"


--Apple-Mail=_6EA38B20-B6A4-43A4-949F-C485F0DD2B7D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

This time, I built with =E2=80=94with-arm option and tried again. It =
still fails but with different error message.


pi@raspberrypi ~/audit-2.4.4 $ grep arm config.status
ac_cs_config=3D"'--with-arm'"
  set X /bin/bash './configure'  '--with-arm' $ac_configure_extra_args =
--no-create --no-recursion
host=3D'armv7l-unknown-linux-gnueabihf'
build=3D'armv7l-unknown-linux-gnueabihf'
sys_lib_search_path_spec=3D'/usr/lib/gcc/arm-linux-gnueabihf/4.9 =
/usr/lib/arm-linux-gnueabihf /usr/lib /lib/arm-linux-gnueabihf /lib '
sys_lib_dlsearch_path_spec=3D'/lib64 /usr/lib64 /lib /usr/lib =
/opt/vc/lib /lib/arm-linux-gnueabihf /usr/lib/arm-linux-gnueabihf =
/usr/lib/arm-linux-gnueabihf/libfakeroot /usr/local/lib '
S["target_cpu"]=3D"armv7l"
S["target"]=3D"armv7l-unknown-linux-gnueabihf"
S["host_cpu"]=3D"armv7l"
S["host"]=3D"armv7l-unknown-linux-gnueabihf"
S["build_cpu"]=3D"armv7l"
S["build"]=3D"armv7l-unknown-linux-gnueabihf"
pi@raspberrypi ~/audit-2.4.4 $ sudo src/auditctl -a exit,always -S =
execve
Error sending add rule data request (Invalid argument)


> On Oct 26, 2015, at 4:57 PM, Kangkook Jee <aixer77@gmail.com> wrote:
>=20
> I added =E2=80=9C=E2=80=94with-armeb=E2=80=9D should it be just =
=E2=80=9C=E2=80=94with-arm=E2=80=9D ?
>=20
> This following shows my configuration status.
>=20
> pi@raspberrypi ~/audit-2.4.4 $ grep arm config.status
> ac_cs_config=3D"'--with-armeb'"
>  set X /bin/bash './configure'  '--with-armeb' =
$ac_configure_extra_args --no-create --no-recursion
> host=3D'armv7l-unknown-linux-gnueabihf'
> build=3D'armv7l-unknown-linux-gnueabihf'
> sys_lib_search_path_spec=3D'/usr/lib/gcc/arm-linux-gnueabihf/4.9 =
/usr/lib/arm-linux-gnueabihf /usr/lib /lib/arm-linux-gnueabihf /lib '
> sys_lib_dlsearch_path_spec=3D'/lib64 /usr/lib64 /lib /usr/lib =
/opt/vc/lib /lib/arm-linux-gnueabihf /usr/lib/arm-linux-gnueabihf =
/usr/lib/arm-linux-gnueabihf/libfakeroot /usr/local/lib '
> S["target_cpu"]=3D"armv7l"
> S["target"]=3D"armv7l-unknown-linux-gnueabihf"
> S["host_cpu"]=3D"armv7l"
> S["host"]=3D"armv7l-unknown-linux-gnueabihf"
> S["build_cpu"]=3D"armv7l"
> S["build"]=3D"armv7l-unknown-linux-gnueabihf=E2=80=9D
>=20
>=20
>> On Oct 26, 2015, at 4:37 PM, Steve Grubb <sgrubb@redhat.com> wrote:
>>=20
>> On Monday, October 26, 2015 04:25:57 PM Kangkook Jee wrote:
>>> Dear Steve,
>>>=20
>>> I built auditctl from recent audit source and tried it again but I =
failed
>>> with the following errors.
>>>=20
>>> pi@raspberrypi ~/audit-2.4.4 $ sudo auditctl -e1 -b 102400
>>> AUDIT_STATUS: enabled=3D1 flag=3D1 pid=3D2022 rate_limit=3D0 =
backlog_limit=3D320
>>> lost=3D0 backlog=3D0 (reverse-i-search)`b': sudo auditctl -e1 =
-^C102400
>>> pi@raspberrypi ~/audit-2.4.4 $ sudo src/auditctl -a exit,always -F
>>> arch=3Darmeb -S clone arch elf mapping not found
>>> pi@raspberrypi ~/audit-2.4.4 $ sudo src/auditctl -a exit,always -S =
clone
>>> Error detecting machine type
>>>=20
>>> Would you help me with this?
>>=20
>> Did you add --with-arm to the ./configure line? Its disabled by =
default.
>>=20
>> -Steve
>=20


--Apple-Mail=_6EA38B20-B6A4-43A4-949F-C485F0DD2B7D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><div class=3D"">This time, I built with =E2=80=94with-arm =
option and tried again. It still fails but with different error =
message.</div><div class=3D""><br class=3D""></div><div class=3D""><br =
class=3D""></div><div class=3D""><div class=3D"">pi@raspberrypi =
~/audit-2.4.4 $ grep arm config.status</div><div =
class=3D"">ac_cs_config=3D"'--with-arm'"</div><div class=3D"">&nbsp; set =
X /bin/bash './configure' &nbsp;'--with-arm' $ac_configure_extra_args =
--no-create --no-recursion</div><div =
class=3D"">host=3D'armv7l-unknown-linux-gnueabihf'</div><div =
class=3D"">build=3D'armv7l-unknown-linux-gnueabihf'</div><div =
class=3D"">sys_lib_search_path_spec=3D'/usr/lib/gcc/arm-linux-gnueabihf/4.=
9 /usr/lib/arm-linux-gnueabihf /usr/lib /lib/arm-linux-gnueabihf /lib =
'</div><div class=3D"">sys_lib_dlsearch_path_spec=3D'/lib64 /usr/lib64 =
/lib /usr/lib /opt/vc/lib /lib/arm-linux-gnueabihf =
/usr/lib/arm-linux-gnueabihf /usr/lib/arm-linux-gnueabihf/libfakeroot =
/usr/local/lib '</div><div class=3D"">S["target_cpu"]=3D"armv7l"</div><div=
 class=3D"">S["target"]=3D"armv7l-unknown-linux-gnueabihf"</div><div =
class=3D"">S["host_cpu"]=3D"armv7l"</div><div =
class=3D"">S["host"]=3D"armv7l-unknown-linux-gnueabihf"</div><div =
class=3D"">S["build_cpu"]=3D"armv7l"</div><div =
class=3D"">S["build"]=3D"armv7l-unknown-linux-gnueabihf"</div><div =
class=3D""><b class=3D"">pi@raspberrypi ~/audit-2.4.4 $ sudo =
src/auditctl -a exit,always -S execve</b></div><div class=3D""><b =
class=3D"">Error sending add rule data request (Invalid =
argument)</b></div></div><div class=3D""><br class=3D""></div><br =
class=3D""><div><blockquote type=3D"cite" class=3D""><div class=3D"">On =
Oct 26, 2015, at 4:57 PM, Kangkook Jee &lt;<a =
href=3D"mailto:aixer77@gmail.com" class=3D"">aixer77@gmail.com</a>&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D"">I =
added =E2=80=9C=E2=80=94with-armeb=E2=80=9D should it be just =
=E2=80=9C=E2=80=94with-arm=E2=80=9D ?<br class=3D""><br class=3D"">This =
following shows my configuration status.<br class=3D""><br =
class=3D"">pi@raspberrypi ~/audit-2.4.4 $ grep arm config.status<br =
class=3D"">ac_cs_config=3D"'--with-armeb'"<br class=3D""> &nbsp;set X =
/bin/bash './configure' &nbsp;'--with-armeb' $ac_configure_extra_args =
--no-create --no-recursion<br =
class=3D"">host=3D'armv7l-unknown-linux-gnueabihf'<br =
class=3D"">build=3D'armv7l-unknown-linux-gnueabihf'<br =
class=3D"">sys_lib_search_path_spec=3D'/usr/lib/gcc/arm-linux-gnueabihf/4.=
9 /usr/lib/arm-linux-gnueabihf /usr/lib /lib/arm-linux-gnueabihf /lib =
'<br class=3D"">sys_lib_dlsearch_path_spec=3D'/lib64 /usr/lib64 /lib =
/usr/lib /opt/vc/lib /lib/arm-linux-gnueabihf =
/usr/lib/arm-linux-gnueabihf /usr/lib/arm-linux-gnueabihf/libfakeroot =
/usr/local/lib '<br class=3D"">S["target_cpu"]=3D"armv7l"<br =
class=3D"">S["target"]=3D"armv7l-unknown-linux-gnueabihf"<br =
class=3D"">S["host_cpu"]=3D"armv7l"<br =
class=3D"">S["host"]=3D"armv7l-unknown-linux-gnueabihf"<br =
class=3D"">S["build_cpu"]=3D"armv7l"<br =
class=3D"">S["build"]=3D"armv7l-unknown-linux-gnueabihf=E2=80=9D<br =
class=3D""><br class=3D""><br class=3D""><blockquote type=3D"cite" =
class=3D"">On Oct 26, 2015, at 4:37 PM, Steve Grubb &lt;<a =
href=3D"mailto:sgrubb@redhat.com" class=3D"">sgrubb@redhat.com</a>&gt; =
wrote:<br class=3D""><br class=3D"">On Monday, October 26, 2015 04:25:57 =
PM Kangkook Jee wrote:<br class=3D""><blockquote type=3D"cite" =
class=3D"">Dear Steve,<br class=3D""><br class=3D"">I built auditctl =
from recent audit source and tried it again but I failed<br =
class=3D"">with the following errors.<br class=3D""><br =
class=3D"">pi@raspberrypi ~/audit-2.4.4 $ sudo auditctl -e1 -b 102400<br =
class=3D"">AUDIT_STATUS: enabled=3D1 flag=3D1 pid=3D2022 rate_limit=3D0 =
backlog_limit=3D320<br class=3D"">lost=3D0 backlog=3D0 =
(reverse-i-search)`b': sudo auditctl -e1 -^C102400<br =
class=3D"">pi@raspberrypi ~/audit-2.4.4 $ sudo src/auditctl -a =
exit,always -F<br class=3D"">arch=3Darmeb -S clone arch elf mapping not =
found<br class=3D"">pi@raspberrypi ~/audit-2.4.4 $ sudo src/auditctl -a =
exit,always -S clone<br class=3D"">Error detecting machine type<br =
class=3D""><br class=3D"">Would you help me with this?<br =
class=3D""></blockquote><br class=3D"">Did you add --with-arm to the =
./configure line? Its disabled by default.<br class=3D""><br =
class=3D"">-Steve<br class=3D""></blockquote><br =
class=3D""></div></blockquote></div><br class=3D""></body></html>=

--Apple-Mail=_6EA38B20-B6A4-43A4-949F-C485F0DD2B7D--


--===============4062630959849005080==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============4062630959849005080==--