[prev in list] [next in list] [prev in thread] [next in thread]
List: opensuse-security
Subject: Re: [opensuse-security] Apparmor aa-genprof broken?
From: Christian Boltz <suse-security () cboltz ! de>
Date: 2014-08-20 22:20:31
Message-ID: 8814141.AqcJxKrDJb () tux ! boltz ! de ! vu
[Download RAW message or body]
Hello,
Am Mittwoch, 20. August 2014 schrieb pinguin74:
> >> Any hints on that?
> >>
> >> I really don ´t want to create profiles completely manually....
> >
> > Have you made sure apparmor and auditd are running, i.e. systemctl
> > status apparmor.service and systemctl status auditd.service?
>
> Yes, I found out, auditd wasn ´t running. I wonder why they don ´t start
> it by default since AA needs it...
Technically, auditd isn't needed - syslog also works (but auditd has
some advantages).
The problem in your case is that you had auditd running in the past.
aa-genprof and aa-logprof check if /var/log/audit/audit.log
exists. If yes, they read it. Otherwise they automatically fall back to
/var/log/messages.
You can force aa-logprof and aa-genprof to a specific logfile by using
-f /var/log/messages
as parameter.
Regards,
Christian Boltz
--
Weißt Du, man soll ja eigentlich keine Leute auf öffentlichen
Mailinglisten beschimpfen, sie kratzen oder ihnen Tiernamen geben.
Aber die traumwandlerische Sicherheit, mit der Du den relevanten Teil
des Logs weggeschnitten hast, ist schon beeindruckend.
Also, Du Hängebauchschwein, fühl Dich beschimpft und gekratzt ;-)
[Stefan Förster in postfixbuch-users]
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic