How to get rid of successful link message?
7 posts
• Page 1 of 1
How to get rid of successful link message?
by uof » Sat Jan 29, 2005 3:02 pm
In a newest version there are annoying successful link messages in syslog, how to get rid of it, as I use qmail and it makes links all the time my log is ful of these messages?
- uof
- Posts: 5
- Joined: Fri Mar 05, 2004 5:57 pm
by uof » Wed Feb 02, 2005 3:17 am
kernel 2.4.29
grsec 2.0.2
RBAC is on
and the message is:
Jan 31 23:44:21 kernel: grsec: From 81.168.222.85: (default:D:/) successful link of /var/qmail/queue/intd/400943 to todo/400943 by /var/qmail/bin/qmail-queue[qmail-queue:31777] uid/euid:549/105 gid/egid:504/504, parent /usr/bin/perl5.00503[perl5.00503:17929] uid/euid:549/549 gid/egid:504/504
there's a lot of it, and previous versions of grsec didn't emit this
grsec 2.0.2
RBAC is on
and the message is:
Jan 31 23:44:21 kernel: grsec: From 81.168.222.85: (default:D:/) successful link of /var/qmail/queue/intd/400943 to todo/400943 by /var/qmail/bin/qmail-queue[qmail-queue:31777] uid/euid:549/105 gid/egid:504/504, parent /usr/bin/perl5.00503[perl5.00503:17929] uid/euid:549/549 gid/egid:504/504
there's a lot of it, and previous versions of grsec didn't emit this
- uof
- Posts: 5
- Joined: Fri Mar 05, 2004 5:57 pm
by spender » Thu Feb 03, 2005 1:27 pm
Then you must have "L" in addition to "l" on the object in question. The link wouldn't have been possible if you didn't modify your policy file. "L" causes the message you're seeing, since it's an auditing flag.
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
7 posts
• Page 1 of 1