grsecurity forums


https://forums.grsecurity.net./

Auditing doesnt work.

https://forums.grsecurity.net./viewtopic.php?f=3&t=116

Page 1 of 1

Auditing doesnt work.

PostPosted: Fri Aug 16, 2002 3:06 am
by Pazzie
Hello,

Im using kernel 2.4.19 with the grsecurity patch and almost eveything seems to work just fine, (thank you for creating such great and free product)

However, the auditing on group level doesnt work, i have created a group like gredit:x:1007:user1 so that everyhting from that user must be logged, at least that should grsecure supose to do. But nothing happend.

Not a single entry in my logfiles, what could be the problem??

PostPosted: Fri Aug 16, 2002 10:23 am
by spender
Are kernel logs of level INFO being logged to a file by syslog? Check your /etc/syslog.conf file to find out. Auditing logs aren't logged the same way as security alerts.

-Brad

Have that

PostPosted: Sun Aug 18, 2002 5:49 am
by Pazzie
*.info /var/log/grsec

Thats what i have in the syslog.conf, however iim getting a huge log file.
But there is still no grsec-auditing, strange thing is when i boot my pc i get
some kinda error with IOCTL TIOCGDEV unknown by Kernel, must the kernel be prepared for auditing or must i add an extra patch ?.

PostPosted: Wed Aug 21, 2002 9:24 am
by spender
auditing should automatically work. What auditing options did you select?

-Brad

Auditing

PostPosted: Wed Aug 21, 2002 11:10 am
by Pazzie
Single group for auditing
(1007) GID for auditing


Thats it!

PostPosted: Wed Aug 21, 2002 11:44 am
by spender
I thought so :) If you read the documentation for that option, you would see that you also have to enable some auditing features below that. That feature just simply chooses whether you want to audit the features below for everyone, or for a single group.

-Brad
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/