Re: Problems with auditd
On Fri, December 7, 2007 23:10, Paul Schmehl wrote: --On Friday, December 07, 2007 22:41:01 +0100 Peter Boosten [EMAIL PROTECTED] wrote: Did you compile the audit option into the kernel? optionsAUDIT Peter Apparently not. I compiled the GENERIC kernel, and it does not appear to have that option. Strange. You would think, if the system is going to install the daemon, it would have that option in the GENERIC kernel. :-( IIRC it's still experimental in 6.2. It's by default in the 7-kernel however. Peter -- http://www.boosten.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problems with auditd
--On Friday, December 07, 2007 22:41:01 +0100 Peter Boosten [EMAIL PROTECTED] wrote: On Fri, December 7, 2007 22:06, Paul Schmehl wrote: I upgraded my system from 6.0 RELEASE to 6.2 RELEASE by cvsupping the files and then running buildkernel/buildworld as usual. Since doing that, auditd will not run, even though I have auditd_enable=YES in /etc/rc.conf. I've been reading online posts about auditd and auditing (as well as the man pages) but I haven't found what the problem is. If I run audit -s, I get this: [EMAIL PROTECTED] audit -s Error sending trigger: Function not implemented Did you compile the audit option into the kernel? optionsAUDIT Peter Apparently not. I compiled the GENERIC kernel, and it does not appear to have that option. Strange. You would think, if the system is going to install the daemon, it would have that option in the GENERIC kernel. :-( -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problems with auditd
On Fri, December 7, 2007 22:06, Paul Schmehl wrote: I upgraded my system from 6.0 RELEASE to 6.2 RELEASE by cvsupping the files and then running buildkernel/buildworld as usual. Since doing that, auditd will not run, even though I have auditd_enable=YES in /etc/rc.conf. I've been reading online posts about auditd and auditing (as well as the man pages) but I haven't found what the problem is. If I run audit -s, I get this: [EMAIL PROTECTED] audit -s Error sending trigger: Function not implemented Did you compile the audit option into the kernel? optionsAUDIT Peter -- http://www.boosten.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]