On 21 November 2011 18:04, Brian Ross <[email protected]> wrote:
> I have a client who is still running RHEL3. Over the last 12 months the > auditd process has become steadily more and more intrusive and causing > problems. I have attempted to turn it off but whenever I do so, suddenly > SSH logins stop working. > > At the moment the only way I have to manage the auditd process is to > regularly delete the 2+GB of log files it creates every 4 hours. Can > anybody tell me how to turn it off without affecting other things? > > I would say that your user has other problems that need to be addressed before you can turn off audit. 1) Audit doesn't have anything to do with sshd that I can remember in RHEL-3. So if one is turning off the other.. then I would start looking at compromised system. 2) 2GB every 4 hours means there is something really wrong. Again I would say its either compromised system or hardware issue. -- Stephen J Smoogen. "The core skill of innovators is error recovery, not failure avoidance." Randy Nelson, President of Pixar University. "Let us be kind, one to another, for most of us are fighting a hard battle." -- Ian MacLaren
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
