The latest audit messages are actually not present in /var/log/messages or
/var/log/daemon.
They do, however, show up when running dmesg.
[EMAIL PROTECTED]:~# grep audit /var/log/messages /var/log/daemon.log| wc -l
0
[EMAIL PROTECTED]:~# dmesg|grep audit| wc -l
646
[EMAIL PROTECTED]:~# dmesg|grep audit | tail -n5
[28191.924373] type=1502 audit(1225212747.947:22163):
operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0
name="/proc/loadavg" pid=4836 profile="/usr/lib/sm.bin/sendmail"
[28196.924211] type=1502 audit(1225212752.947:22164):
operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0
name="/proc/loadavg" pid=4836 profile="/usr/lib/sm.bin/sendmail"
[28196.924383] type=1502 audit(1225212752.947:22165):
operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0
name="/proc/loadavg" pid=4836 profile="/usr/lib/sm.bin/sendmail"
[28201.924204] type=1502 audit(1225212757.947:22166):
operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0
name="/proc/loadavg" pid=4836 profile="/usr/lib/sm.bin/sendmail"
[28201.924391] type=1502 audit(1225212757.947:22167):
operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0
name="/proc/loadavg" pid=4836 profile="/usr/lib/sm.bin/sendmail"
[EMAIL PROTECTED]:~# aa-logprof
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
[EMAIL PROTECTED]:~#
[EMAIL PROTECTED]:~# zgrep audit /var/log/* | tail -n 5
/var/log/messages.3.gz:Oct 1 16:42:33 thosjo-lab kernel: [23249.323475]
type=1502 audit(1222872153.928:30857): operation="socket_recvmsg" family="inet"
sock_type="stream" protocol=6 pid=7184 profile="null-complain-profile"
/var/log/messages.3.gz:Oct 1 16:42:34 thosjo-lab kernel: [23249.323739]
type=1502 audit(1222872153.928:30858): operation="socket_recvmsg" family="inet"
sock_type="stream" protocol=6 pid=7184 profile="null-complain-profile"
/var/log/messages.3.gz:Oct 1 16:42:34 thosjo-lab kernel: [23249.323778]
type=1502 audit(1222872153.928:30859): operation="socket_recvmsg" family="inet"
sock_type="stream" protocol=6 pid=7184 profile="null-complain-profile"
/var/log/messages.3.gz:Oct 1 16:42:34 thosjo-lab kernel: [23249.324893]
type=1502 audit(1222872153.930:30860): operation="file_lock"
requested_mask="k::" denied_mask="k::" fsuid=1000
name="/home/thosjo/.mozilla/firefox/y5e0krtz.default/urlclassifier3.sqlite"
pid=7197 profile="null-complain-profile"
/var/log/messages.3.gz:Oct 1 16:42:40 thosjo-lab kernel: [23254.518714]
type=1502 audit(1222872159.122:30896): operation="socket_recvmsg" family="inet"
sock_type="stream" protocol=6 pid=7184 profile="null-complain-profile"
[EMAIL PROTECTED]:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.10
Release: 8.10
Codename: intrepid
[EMAIL PROTECTED]:~# uname -a && dpkg -l |grep apparmor
Linux thosjo-lab 2.6.27-7-generic #1 SMP Fri Oct 24 06:42:44 UTC 2008 i686
GNU/Linux
ii apparmor 2.3+1289-0ubuntu4
User-space parser utility for AppArmor
ii apparmor-utils 2.3+1289-0ubuntu4
Utilities for controlling AppArmor
ii libapparmor-perl 2.3+1289-0ubuntu4
AppArmor library Perl bindings
ii libapparmor1 2.3+1289-0ubuntu4
changehat AppArmor library
[EMAIL PROTECTED]:~# aa-status
apparmor module is loaded.
10 profiles are loaded.
3 profiles are in enforce mode.
/usr/share/gdm/guest-session/Xsession
/usr/lib/cups/backend/cups-pdf
/usr/sbin/cupsd
7 profiles are in complain mode.
/usr/sbin/ntpd
/usr/sbin/acpid
/sbin/syslogd
/usr/lib/sm.bin/sendmail
/sbin/dhclient3
/sbin/wpa_supplicant
/usr/lib/firefox-3.0.3/firefox.sh
8 processes have profiles defined.
0 processes are in enforce mode :
8 processes are in complain mode.
/usr/lib/sm.bin/sendmail (4836)
/usr/sbin/ntpd (5375)
/sbin/wpa_supplicant (5080)
/usr/sbin/ntpd (5376)
null-complain-profile (5020)
/sbin/dhclient3 (5221)
/usr/sbin/acpid (4349)
/sbin/syslogd (4468)
0 processes are unconfined but have a profile defined.
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
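An added example, not part of the original report or of the AppArmor tools: a small parser for the audit records shown above, which groups them by profile, operation, path and denied mask so kernel ring buffer output can be reviewed directly. It goes slightly beyond the report by accepting both dmesg-prefixed and syslog-prefixed lines and counting each audit id once; the function names `parse_records` and `summarize` are made up for this sketch.

```python
import re
import sys
from collections import Counter

HEADER = re.compile(r'type=(\d+) audit\((\d+\.\d+):(\d+)\):')  # type=1502 audit(ts:serial):
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')                   # key="quoted" or key=bare

# Sample input: three records copied from the report above, wrapped as the mail wrapped them.
SAMPLE = """\
[28191.924373] type=1502 audit(1225212747.947:22163):
operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0
name="/proc/loadavg" pid=4836 profile="/usr/lib/sm.bin/sendmail"
[28196.924211] type=1502 audit(1225212752.947:22164):
operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0
name="/proc/loadavg" pid=4836 profile="/usr/lib/sm.bin/sendmail"
/var/log/messages.3.gz:Oct 1 16:42:34 thosjo-lab kernel: [23249.324893]
type=1502 audit(1222872153.930:30860): operation="file_lock"
requested_mask="k::" denied_mask="k::" fsuid=1000
name="/home/thosjo/.mozilla/firefox/y5e0krtz.default/urlclassifier3.sqlite"
pid=7197 profile="null-complain-profile"
"""

def parse_records(text):
    """Return one dict per audit record, tolerating wrapped lines and any line prefix."""
    flat = " ".join(text.split())          # undo terminal/mail line wrapping
    heads = list(HEADER.finditer(flat))
    records = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        rec = {"type": int(h.group(1)), "id": (h.group(2), int(h.group(3)))}
        for key, raw, quoted in FIELD.findall(flat[h.end():end]):
            rec[key] = quoted if raw.startswith('"') else raw
        records.append(rec)
    return records

def summarize(records):
    """Count events per (profile, operation, name, denied_mask), once per audit id."""
    seen, counts = set(), Counter()
    for r in records:
        if "profile" not in r or r["id"] in seen:   # skip other audit lines and duplicates
            continue
        seen.add(r["id"])
        counts[(r["profile"], r.get("operation"), r.get("name"), r.get("denied_mask"))] += 1
    return counts

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for key, n in summarize(parse_records(text)).most_common():
        print(n, *key)
```

Piping `dmesg` into the script summarizes the live ring buffer; run without input, it uses the embedded sample.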