SELinux auditing can't be disabled?

Hmm, odd one this (FC2 system).

I switched to a stock kernel, in order to reverse the 8K stack patch for
compatibility with nVidia's broken driver.

Strictly speaking, I have no problems, everything is working and pretty
fast too.

However, between two different kernels (2.6.5-1.358 and 2.6.6-rc3-bk3)
with nearly identical configs, something has changed to produce a tonne of
garbage being spewed to the console (and /var/log/messages) during bootup.

None of this is error messages, just *extremely* annoying and extremely
verbose logging, which I guess is some form of auditing - like this:

Jun  5 06:36:29 genesis kernel: [49.850] [+ 0.00] /etc/modprobe.conf.dist
Jun  5 06:36:29 genesis kernel: [49.851] [+ 0.01] /etc/modprobe.conf
Jun  5 06:36:29 genesis kernel: [49.852] [+ 0.01] /proc/modules
Jun  5 06:36:29 genesis kernel: [49.853] [+ 0.01] /proc/bus/usb/devices
Jun  5 06:36:29 genesis kernel: [49.853] [+ 0.00] /usr/sbin/xinetd
--- snip massive audit ---

The full system message logs (for both 2.6.5-1.358 and 2.6.6-rc3-bk3) are
here:

http://www.genesis-x.nildram.co.uk/kernel/messages-2.6.5-1.358.txt
http://www.genesis-x.nildram.co.uk/kernel/messages-2.6.6-rc3-bk3.txt

This FC2 system has only been up a couple of days, so I'm just getting my
head around SELinux etc.

Adding selinux=0 and/or audit=0 in grub.conf doesn't seem to make any
difference at all, neither does chkconfig --level 2345 syslog off. Weird -
even with syslog off I *still* get these messages. Anyway, I think this is
maybe another security tool, not SELinux, although it's pretty hard to
find anything useful in the logfile, since it is choked with garbage from
the audit.

My grub.conf is here:
http://www.genesis-x.nildram.co.uk/kernel/grub.conf.txt

I started with the kernel.src.rpm from:
http://www.linuxant.com/driverloader/wlan/full/archive/fc2/kernel-2.6.5-1.358.8kstacks.src.rpm.zip

Then I:

unzip kernel-2.6.5-1.358.8kstacks.src.rpm.zip
rpm -ivh kernel-2.6.5-1.358.8kstacks.src.rpm
cd /usr/src/redhat/SOURCES
tar xjf linux-2.6.5.tar.bz2
cd linux-2.6.5

I ran this patch script:
http://www.genesis-x.nildram.co.uk/kernel/patchit.sh.txt

Then I did:
make clean mrproper
cp ../kernel-2.6.5-i686.config linux-2.6.5
make gconfig

I removed all unnecessary drivers, added NTFS support, and optimised for
P3 systems. The resulting config is here:

http://www.genesis-x.nildram.co.uk/kernel/config-2.6.6-rc3-bk3.txt

Then I did:

make rpm
rpm -ivh /usr/src/redhat/RPMS/i386/kernel-2.6.6rc3bk3-1.i386.rpm
mkinitrd /boot/initrd-2.6.6-rc3-bk3.img 2.6.6-rc3-bk3

So how do I quiet those messages? Let's assume that some time in the
future I do want to do auditing: how can I force SELinux (or whatever
security tool) to log to a separate file other than the system log (which
is busy enough as it is)?

TIA,

-
K.


