Thanks Steve.
Steve Grubb wrote:
On Wednesday 18 February 2009 12:16:14 pm Dan Gruhn wrote:
I'm getting an auditctl startup SELinux violation that is showing up
with a user ID of -1 (4294967295 in my case).
-1 means that the command was run by something that was not initiated by a
login. IOW, probably initscripts.
I can fix the violation, but before I do I thought I saw something a while
back about setting a parameter or defining a variable on power-up so that
one didn't get the -1 for something that came up in the wrong order.
There is nothing that fixes that. This is just a statement of fact. The error
originated from a non-login path. What you might be remembering is that you
should put a audit=1 in the boot params of the kernel. This is so that you
don't have any unauditable processes.
-Steve
--
Dan Gruhn
Group W Inc.
8315 Lee Hwy, Suite 303
Fairfax, VA, 22031
PH: (703) 752-5831
FX: (703) 752-5851
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
