Tim:
>> Though I've also found SELinux documentation to be less
>> than adequate to attempt configuring something manually.
>>
>> Likewise for SELinux-related things.  For instance, the audit.log is
>> just gibberish, to me.  I can't look at it and see that something
>> happened at a particular time (like the messages log file), and the
>> content of some entries gives no clue as to what it means.
>>
>> For example:
>>
>> type=SOCKETCALL msg=audit(1123685491.877:78): nargs=6 a0=4 a1=bf8ce47c a2=10 a3=0 a4=bf8d0618 a5=c
>> type=CONFIG_CHANGE msg=audit(1123685491.878:83): audit_backlog_limit=256 old=64 by auid=4294967295
>>
>> I can't even guess at what they might refer to.

Paul Howarth:
> You might try:
>
> # ausearch -a 78
>
> (the number is the number following the colon in the audit(xxx:yyy)
> part of the entry)
>
> That should result in something a little more comprehensible.

Perhaps...  ;-)

time->Thu Aug 11 00:21:31 2005
type=SOCKETCALL msg=audit(1123685491.877:78): nargs=6 a0=4 a1=bf8ce47c a2=10 a3=0 a4=bf8d0618 a5=c
type=SOCKADDR msg=audit(1123685491.877:78): saddr=100000000000000000000000
type=SYSCALL msg=audit(1123685491.877:78): arch=40000003 syscall=102 success=no exit=-22 a0=b a1=bf8cc320 a2=80510f8 a3=bf8d0618 items=0 pid=1426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
type=SELINUX_ERR msg=audit(1123685491.877:78): SELinux: unrecognized netlink message type=1009 for sclass=49

But it, and about four other similar ones, seem just as incomprehensible.  ;-)
I might guess that it's something to do with /sbin/auditctl, but I don't
really know.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
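
Added example, not part of the original thread or of the audit tools: Python that groups the records quoted above by the serial number that `ausearch -a` takes, converts the epoch timestamp in audit(seconds.millis:serial) to UTC, and decodes the failed call's errno and socket address family. The names `parse`, `describe` and `AF_NAMES` are this example's own, and the address family is read little-endian, as arch=40000003 (i386) implies.

```python
import errno
import re
from datetime import datetime, timezone

# Records copied from the thread above: event serial 78 plus the unrelated serial 83.
SAMPLE = """\
type=SOCKETCALL msg=audit(1123685491.877:78): nargs=6 a0=4 a1=bf8ce47c a2=10 a3=0 a4=bf8d0618 a5=c
type=SOCKADDR msg=audit(1123685491.877:78): saddr=100000000000000000000000
type=SYSCALL msg=audit(1123685491.877:78): arch=40000003 syscall=102 success=no exit=-22 a0=b a1=bf8cc320 a2=80510f8 a3=bf8d0618 items=0 pid=1426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
type=SELINUX_ERR msg=audit(1123685491.877:78): SELinux: unrecognized netlink message type=1009 for sclass=49
type=CONFIG_CHANGE msg=audit(1123685491.878:83): audit_backlog_limit=256 old=64 by auid=4294967295
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): ?(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AF_NAMES = {1: "AF_UNIX", 2: "AF_INET", 10: "AF_INET6", 16: "AF_NETLINK"}  # Linux values

def parse(text):
    """Group records by serial number, the key that `ausearch -a` looks up."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record
        rtype, secs, millis, serial, body = m.groups()
        stamp = datetime.fromtimestamp(int(secs), tz=timezone.utc)
        event = events.setdefault(int(serial), {"time": None, "records": {}})
        event["time"] = stamp.strftime("%Y-%m-%d %H:%M:%S") + f".{millis} UTC"
        event["records"][rtype] = {k: v.strip('"') for k, v in FIELD.findall(body)}
    return events

def describe(event):
    """One readable line for an event that contains a SYSCALL record."""
    sc = event["records"]["SYSCALL"]
    out = f'{event["time"]} {sc["exe"]} pid={sc["pid"]} syscall={sc["syscall"]}'
    if sc["success"] == "no":
        out += " failed: " + errno.errorcode.get(-int(sc["exit"]), sc["exit"])  # exit is -errno
    if sc["auid"] == "4294967295":
        out += " auid=unset"  # (uint32)-1: no login uid was assigned
    saddr = event["records"].get("SOCKADDR", {}).get("saddr")
    if saddr:
        # sa_family is the first two bytes of the raw sockaddr, little-endian here
        family = int.from_bytes(bytes.fromhex(saddr[:4]), "little")
        out += f" sockaddr={AF_NAMES.get(family, family)}"
    return out

if __name__ == "__main__":
    for serial, event in sorted(parse(SAMPLE).items()):
        print(serial, describe(event) if "SYSCALL" in event["records"] else event["time"])
```

The UTC time it reports for event 78 corresponds to the local time `ausearch` printed for a machine at UTC+9:30.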