On Tue, 2009-03-03 at 11:16 -0500, Call, Tom H wrote: > Steve, et.al. > > Here is a representative sample of audit.log entries recorded > whenever cron periodically (every minute) queries for cron entries > that need execution. > Are your sure that these entries are created even when no cron jobs are executed? That means you do not have any cron jobs which are expected to be run once in a minute? If that was a case I'd call it a bug. Cron must audit only when it executes a job not on each wakeup (once in a minute). > > These events typically comprise at least 80% of all the audit.log > entries although they are repetitive thoughout the log and do not > indicate any user attempt to compromise the system. > > Is there any relatively straight forward way that I can configure > Auditd to not record events for crond routinely running as root? > > I am using audit-1.0.16-3.el4 on CentOS-4.7 > > Thanks! > > Tom Call, LMCO > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
