On Friday, December 1, 2017 8:17:58 AM EST Brad Zynda wrote:
> Hey Steve,
>
> Just wanted to follow up on this and say we are still seeing services
> across the board that have:
>
> Warning: Journal has been rotated since unit was started. Log output is
> incomplete or unavailable
>
> basically
Hey Steve,
Just wanted to follow up on this and say we are still seeing services
across the board that have:
Warning: Journal has been rotated since unit was started. Log output is
incomplete or unavailable
basically created a script to check all unit file services/targets and
grep status -l for
On Thursday, October 19, 2017 1:08:22 PM EDT Brad Zynda wrote:
> >> grep perm_mod /etc/audit/audit.rules
> >> -a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=1000
> >> -F auid!=4294967295 -k perm_mod
> >> -a always,exit -F arch=b32 -S chmod -S fchmod -S fchmodat -F auid>=1000
> >
On 10/18/2017 07:27 PM, Steve Grubb wrote:
> On Wednesday, October 18, 2017 12:32:15 PM EDT Brad Zynda wrote:
>> On 10/18/2017 12:26 PM, Steve Grubb wrote:
>>> On Wednesday, October 18, 2017 12:13:13 PM EDT Brad Zynda wrote:
So now you have to comment out a rule at a time and watch for
On Wednesday, October 18, 2017 12:32:15 PM EDT Brad Zynda wrote:
> On 10/18/2017 12:26 PM, Steve Grubb wrote:
> > On Wednesday, October 18, 2017 12:13:13 PM EDT Brad Zynda wrote:
> >> So now you have to comment out a rule at a time and watch for
> >> usage/count to fall?
> >
> > Well, I am certain
On 10/18/2017 12:26 PM, Steve Grubb wrote:
> On Wednesday, October 18, 2017 12:13:13 PM EDT Brad Zynda wrote:
>> So now you have to comment out a rule at a time and watch for
>> usage/count to fall?
>
> Well, I am certain that commenting out that rule will drop the count. But the
> question mor
On Wednesday, October 18, 2017 12:13:13 PM EDT Brad Zynda wrote:
> So now you have to comment out a rule at a time and watch for
> usage/count to fall?
Well, I am certain that commenting out that rule will drop the count. But the
question more is why is that rule being triggered. One thing you co
On 10/18/2017 11:40 AM, Steve Grubb wrote:
> On Wednesday, October 18, 2017 11:14:31 AM EDT Brad Zynda wrote:
>> Here is an output from the server with PATH audit type re-allowed
>> (everything back to normal):
>>
>> Key Summary Report
>> ===
>> total key
>> =
On Wednesday, October 18, 2017 11:14:31 AM EDT Brad Zynda wrote:
> Here is an output from the server with PATH audit type re-allowed
> (everything back to normal):
>
> Key Summary Report
> ===
> total key
> ===
> 6019 perm_mod
> 3878 delete
> 964
Hey Steve,
Here is an output from the server with PATH audit type re-allowed
(everything back to normal):
Key Summary Report
===
total key
===
6019 perm_mod
3878 delete
964 access
96 privileged
57 time-change
51 session
41 modules
20 logins
Hi Steve,
Thanks for pointing me in the right direction and including the 2 year
old ticket to reference ;)
I will see about getting the audit.socket masked if it is allowed under
FIPS/NIST.
Thanks again,
Brad
On 10/17/2017 12:25 PM, Steve Grubb wrote:
> On Tuesday, October 17, 2017 11:40:12 A
On Tuesday, October 17, 2017 11:40:12 AM EDT Brad Zynda wrote:
> Hey Steve,
>
> No problem you guys are busy with updates..
>
> So I kind of stepped into a known issue with a current disagreement
> between the 2 maintainers?
It's not a disagreement. It's systemd wants to do everything. It's a crond
Hey Steve,
No problem you guys are busy with updates..
So I kind of stepped into a known issue with a current disagreement
between the 2 maintainers? What can be done to resolve this going
forward as it is killing services in production environments?
I agree with the need not to remove auditing
Hello,
I apologize for the late reply...just found the message.
On Monday, October 2, 2017 1:30:19 PM EDT Brad Zynda wrote:
> I am sending along an issue brought to the systemd-journald dev list
> initially:
>
> On 10/02/2017 11:40 AM, Lennart Poettering wrote:
> > On Mo, 02.10.17 11:25, Brad Zy
Hello Everyone,
I am sending along an issue brought to the systemd-journald dev list
initially:
On 10/02/2017 11:40 AM, Lennart Poettering wrote:
> On Mo, 02.10.17 11:25, Brad Zynda (bradley.v.zy...@nasa.gov) wrote:
>
>> Sep 28 13:50:03 server systemd-journal[565]: Suppressed 73244 messages
>>
15 matches