Hi,
I observe a very strange behavior of the ausearch utility. audit-1.7.7-6.el5_3.3
# cat /root/bin/autest.sh /sbin/ausearch -m avc| wc -l
If I run it, I get expected results:
# /root/bin/autest.sh 1563
But if I run it from cron, I get this in e-mail:
<no matches> 0
Why??
Sincerely yours, Vadym Chepkov
On 07/30/2009 10:38 PM, Vadym Chepkov wrote:
Hi,
I observe a very strange behavior of the ausearch utility. audit-1.7.7-6.el5_3.3
# cat /root/bin/autest.sh /sbin/ausearch -m avc| wc -l
If I run it, I get expected results:
# /root/bin/autest.sh 1563
But if I run it from cron, I get this in e-mail:
<no matches> 0
Why??
Sincerely yours, Vadym Chepkov
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Is cron being denied the ability to read the audit.log? Look for an AVC.
I figured it out, apparently you have to add switch --input-logs, when you run it from cron. Don't ask me why, I am puzzled myself.
Sincerely yours, Vadym Chepkov
--- On Fri, 7/31/09, Daniel J Walsh dwalsh@redhat.com wrote:
From: Daniel J Walsh dwalsh@redhat.com Subject: Re: ausearch and terminal To: "Vadym Chepkov" chepkov@yahoo.com Cc: "Fedora SELinux" fedora-selinux-list@redhat.com Date: Friday, July 31, 2009, 8:42 AM On 07/30/2009 10:38 PM, Vadym Chepkov wrote:
Hi,
I observe a very strange behavior of the ausearch
utility.
audit-1.7.7-6.el5_3.3
# cat /root/bin/autest.sh /sbin/ausearch -m avc| wc -l
If I run it, I get expected results:
# /root/bin/autest.sh 1563
But if I run it from cron, I get this in e-mail:
<no matches> 0
Why??
Sincerely yours, Vadym Chepkov
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Is cron being denied the ability to read the audit.log? Look for an AVC.
On 07/31/2009 08:55 AM, Vadym Chepkov wrote:
I figured it out, apparently you have to add switch --input-logs, when you run it from cron. Don't ask me why, I am puzzled myself.
Sincerely yours, Vadym Chepkov
--- On Fri, 7/31/09, Daniel J Walsh dwalsh@redhat.com wrote:
From: Daniel J Walsh dwalsh@redhat.com Subject: Re: ausearch and terminal To: "Vadym Chepkov" chepkov@yahoo.com Cc: "Fedora SELinux" fedora-selinux-list@redhat.com Date: Friday, July 31, 2009, 8:42 AM On 07/30/2009 10:38 PM, Vadym Chepkov wrote:
Hi,
I observe a very strange behavior of the ausearch
utility.
audit-1.7.7-6.el5_3.3
# cat /root/bin/autest.sh /sbin/ausearch -m avc| wc -l
If I run it, I get expected results:
# /root/bin/autest.sh 1563
But if I run it from cron, I get this in e-mail:
<no matches> 0
Why??
Sincerely yours, Vadym Chepkov
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Is cron being denied the ability to read the audit.log? Look for an AVC.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Steve Grubb can explain.
selinux@lists.fedoraproject.org