[CentOS] Auditd fails to start : Connection refused

Tom Laramee laramee at pobox.com
Fri Dec 11 18:08:19 UTC 2009


i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end:

	config_manager init complete
	Error setting audit daemon pid (Connection refused)
	type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
	Unable to set audit pid, exiting
	The audit daemon is exiting.
	Error setting audit daemon pid (Connection refused)

the only thing i've learned from asking google is that it's a potential problem with the interaction between selinux & auditd, but i haven't found a solution.

two questions:

1. anyone know what the problem is?  (that or my next step in diagnosing it)

2. if i can't solve it, is there an alternative method for adding watchpoints to 
	directories such that i can be notified of WRITE events for files in that 
	directory (and preferably for all of it's subdirectories)?  

My kernel version is 2.6.18 (full info below).  
The audit version is audit.x86_64 0:1.7.13-2.el5   


Name       : kernel
Arch       : x86_64
Version    : 2.6.18
Release    : 164.6.1.el5
Size       : 18 M
Repo       : updates
Summary    : The Linux kernel (the core of the Linux operating system)
URL        : http://www.kernel.org/

More information about the CentOS mailing list