Auditing doesn't work.

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Post by Pazzie » Fri Aug 16, 2002 3:06 am

Hello,

I'm using kernel 2.4.19 with the grsecurity patch and almost everything seems to work just fine (thank you for creating such a great and free product).

However, the auditing on group level doesn't work. I have created a group like gredit:x:1007:user1 so that everything from that user must be logged; at least that is what grsecurity is supposed to do. But nothing happened.

Not a single entry in my log files. What could be the problem?
Pazzie
 
Posts: 3
Joined: Fri Aug 16, 2002 3:02 am

Post by spender » Fri Aug 16, 2002 10:23 am

Are kernel logs of level INFO being logged to a file by syslog? Check your /etc/syslog.conf file to find out. Auditing logs aren't logged the same way as security alerts.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Have that

Post by Pazzie » Sun Aug 18, 2002 5:49 am

*.info /var/log/grsec

That's what I have in the syslog.conf; however, I'm getting a huge log file.
But there is still no grsec auditing. The strange thing is that when I boot my PC I get some kind of error with IOCTL TIOCGDEV unknown by Kernel. Must the kernel be prepared for auditing, or must I add an extra patch?
Pazzie
 
Posts: 3
Joined: Fri Aug 16, 2002 3:02 am

Post by spender » Wed Aug 21, 2002 9:24 am

Auditing should automatically work. What auditing options did you select?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Auditing

Post by Pazzie » Wed Aug 21, 2002 11:10 am

Single group for auditing
(1007) GID for auditing

That's it!
Pazzie
 
Posts: 3
Joined: Fri Aug 16, 2002 3:02 am

Post by spender » Wed Aug 21, 2002 11:44 am

I thought so :) If you read the documentation for that option, you would see that you also have to enable some auditing features below that. That feature just simply chooses whether you want to audit the features below for everyone, or for a single group.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
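
Added example, not part of the thread and not grsecurity's own tooling: a shell check for the two conditions discussed above, that syslog.conf captures kernel messages at level info and that at least one audit feature is enabled alongside the single-group option. The CONFIG_GRKERNSEC_* option names and the feature list are assumptions that do not appear in the thread; confirm them against the configuration help of the patch version in use.

```shell
#!/bin/sh
# Added example, not from the thread. The CONFIG_GRKERNSEC_* names are assumed
# from grsecurity's kernel configuration; confirm them against your patch.
# The feature list is illustrative, not exhaustive.
AUDIT_FEATURES="CONFIG_GRKERNSEC_EXECLOG CONFIG_GRKERNSEC_AUDIT_CHDIR CONFIG_GRKERNSEC_AUDIT_MOUNT"

is_set() { grep -q "^$2=y\$" "$1"; }

# Report which audit features are built in and who they apply to.
# Returns 1 when no audit feature is enabled, whatever the scope.
check_grsec_audit() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }
    enabled=""
    for opt in $AUDIT_FEATURES; do
        if is_set "$cfg" "$opt"; then enabled="$enabled $opt"; fi
    done
    if is_set "$cfg" CONFIG_GRKERNSEC_AUDIT_GROUP; then
        gid=$(sed -n 's/^CONFIG_GRKERNSEC_AUDIT_GID=//p' "$cfg")
        scope="gid ${gid:-unset}"
    else
        scope="all users"
    fi
    if [ -z "$enabled" ]; then
        echo "no audit features enabled (scope: $scope): nothing will be logged"
        return 1
    fi
    echo "auditing$enabled for $scope"
}

# True if some syslog.conf selector captures kernel messages at level info.
kern_info_logged() {
    awk '!/^[ \t]*#/ && NF >= 2 { print $1 }' "$1" | tr ';' '\n' |
        grep -Eq '^(.*,)?(kern|\*)(,.*)?\.=?(info|debug|\*)$'
}

# Constructed sample mirroring the thread: group scope set, no features.
demo=$(mktemp)
printf '%s\n' 'CONFIG_GRKERNSEC_AUDIT_GROUP=y' 'CONFIG_GRKERNSEC_AUDIT_GID=1007' \
    '# CONFIG_GRKERNSEC_EXECLOG is not set' > "$demo"
check_grsec_audit "$demo" || true
rm -f "$demo"
```

Point `check_grsec_audit` at the `.config` the running kernel was built from and `kern_info_logged` at `/etc/syslog.conf`.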
