Re: auditd spamming of dmesg
On Mon, 2020-12-21 at 12:14 -0600, Richard Shaw wrote: > It looks like this has been a problem for a while but I only just now > noticed. > Is it really necessary to have all the audit: messages in dmesg? It > makes it nearly unreadable. I revisited https://bugzilla.redhat.com/show_bug.cgi?id=1227379 , you have two options auditctl -e 0 or audit=0 on boot kernel command line and since sydtemd v246 [1] you may have the solution but I haven't tested yet [1] https://github.com/eworm-de/systemd/commit/511e03a3eedb7613beb0ba59f98fdc1dd753aced > Thanks, > Richard > > ___devel mailing list -- > devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org -- Sérgio M. B. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: auditd spamming of dmesg
On Mon, Dec 21, 2020 at 1:43 PM Gary Buhrmaster wrote: > On Mon, Dec 21, 2020 at 7:25 PM Richard Shaw wrote: > > > I would say so... > > > > $ dmesg | grep -c audit > > 767 > > > > $ dmesg | grep -cv audit > > 30 > > > > You will likely have to share some of the audit > entries. > I don't want to paste too much of that, but based on skimming through they almost all seem to be about ssh connections, which I don't think belong in dmesg at all... Thanks, Richard ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: auditd spamming of dmesg
On Mon, Dec 21, 2020 at 7:25 PM Richard Shaw wrote: > I would say so... > > $ dmesg | grep -c audit > 767 > > $ dmesg | grep -cv audit > 30 > You will likely have to share some of the audit entries. That last time I recall seeing so many audit entries in dmesg I had set selinux to be permissive, and (due to other changes) had not relabeled a filesystem, resulting in a lot of audit messages. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: auditd spamming of dmesg
On Mon, Dec 21, 2020 at 12:54 PM Alexander Ploumistos < alex.ploumis...@gmail.com> wrote: > Hello Richard, > > Right after logging in (and starting Firefox), dmesg returns 1176 > lines, of which 25 are audit messages. It's pretty much the same ratio > on a second desktop and slightly higher (46/724) on a server running > multiple services, but I would call neither nearly unreadable. Are you > seeing something different? Maybe there's some other issue? > I would say so... $ dmesg | grep -c audit 767 $ dmesg | grep -cv audit 30 Thanks, Richard ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: auditd spamming of dmesg
Hello Richard, Right after logging in (and starting Firefox), dmesg returns 1176 lines, of which 25 are audit messages. It's pretty much the same ratio on a second desktop and slightly higher (46/724) on a server running multiple services, but I would call neither nearly unreadable. Are you seeing something different? Maybe there's some other issue? ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
