Tom Laramee wrote:
> Greetings:
>
> i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end:
>
> config_manager init complete
> Error setting audit daemon pid (Connection refused)
> type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
> Unable to set audit pid, exiting
> The audit daemon is exiting.
> Error setting audit daemon pid (Connection refused)
>
> the only thing i've learned from asking google is that it's a potential problem with the interaction between selinux & auditd, but i haven't found a solution.
>
> two questions:
>
> 1. anyone know what the problem is? (that or my next step in diagnosing it)
>

Are you running selinux in enforcing or permissive mode? sestatus to check - suggest you post

> 2. if i can't solve it, is there an alternative method for adding watchpoints to
> directories such that i can be notified of WRITE events for files in that
> directory (and preferably for all of its subdirectories)?
>

Consider running aide and ossec - these can notify you of changes to critical files and folders.

> My kernel version is 2.6.18 (full info below).
> The audit version is audit.x86_64 0:1.7.13-2.el5
>
> thanks
> --tom
>
> Name : kernel
> Arch : x86_64
> Version : 2.6.18
> Release : 164.6.1.el5
> Size : 18 M
> Repo : updates
> Summary : The Linux kernel (the core of the Linux operating system)
> URL : http://www.kernel.org/