I run the 4.11 kernels on F25. For the last couple of kernels I've compiled, they constantly write messages from auditd to the virtual consoles. Working away, and suddenly 10 lines of output appear and overwrite the console.
The auditd libraries and binaries were also upgraded a couple times around the time that this started happening, so I'm not sure which of the two caused this, the kernel or auditd.
I mention it here because the 4.11 kernel is a release kernel now, and will likely be coming to F25 at some point. If it does, you can try the below workaround.
Add the following line to the end of /etc/audit/rules.d/audit.rules.
-a never,exit -S all -F res=success
This isn't a very good thing to do if you are running a server, because successful system calls can be useful for finding intrusions and problems. But I don't have any internet facing services, so I'm not really interested in these. I no longer have the messages appearing in the virtual consoles.
Of course you can just comment out the -a task,never line, and there will be no rules, and thus no messages, because the -D erases them.
Here's a link to some rules that seem practical for standalone computers.
https://security.stackexchange.com/questions/4629/simple-example-auditd-conf...
The last comment there is pertinent. I am not an expert, so take my advice with a grain of salt.
On Wed, 3 May 2017 15:42:47 -0700 stan stanl-fedorauser@vfemail.net wrote:
I run the 4.11 kernels on F25. For the last couple of kernels I've compiled, they constantly write messages from auditd to the virtual consoles. Working away, and suddenly 10 lines of output appear and overwrite the console.
My original solution of changing auditd rules was wrong. It turns out that this is an issue with printk log messages from the kernel. Here is some information from the link below discussing this.
... I suggest you alter your /etc/sysctl.conf. Specifcally, you want to tweak the kernel.printk line.
# Uncomment the following to stop low-level messages on console kernel.printk = 3 4 1 3
Display:
# sysctl kernel.printk kernel.printk = 7 4 1 7
The separators in the output are single tabs, btw.
Set. Here the separators are just spaces. Works as well.
# sysctl -w kernel.printk="3 4 1 3" kernel.printk = 3 4 1 3 # sysctl kernel.printk kernel.printk = 3 4 1 3
See man sysctl - "configure kernel parameters at runtime" for more. ...
https://superuser.com/questions/351387/how-to-stop-kernel-messages-from-floo...
When I set the printk bar to 3 4 1 3, the messages stopped because they weren't high enough priority. Lower number is higher priority.
A little more info.
/etc/sysctl.d/99-mystuff.conf: #define KERN_EMERG "<0>" /* system is unusable */ #define KERN_ALERT "<1>" /* action must be taken immediately */ #define KERN_CRIT "<2>" /* critical conditions */ #define KERN_ERR "<3>" /* error conditions */ #define KERN_WARNING "<4>" /* warning conditions */ #define KERN_NOTICE "<5>" /* normal but significant condition */ #define KERN_INFO "<6>" /* informational */ #define KERN_DEBUG "<7>" /* debug-level messages */ #- console_loglevel: messages with a higher priority than # this will be printed to the console #- default_message_level: messages without an explicit priority # will be printed with this priority #- minimum_console_loglevel: minimum (highest) value to which # console_loglevel can be set #- default_console_loglevel: default value for console_loglevel
# console is too verbose kernel.printk = 3 4 1 7
Bill
On 5/12/2017 2:51 PM, stan wrote:
On Wed, 3 May 2017 15:42:47 -0700 stan stanl-fedorauser@vfemail.net wrote:
I run the 4.11 kernels on F25. For the last couple of kernels I've compiled, they constantly write messages from auditd to the virtual consoles. Working away, and suddenly 10 lines of output appear and overwrite the console.
My original solution of changing auditd rules was wrong. It turns out that this is an issue with printk log messages from the kernel. Here is some information from the link below discussing this.
... I suggest you alter your /etc/sysctl.conf. Specifcally, you want to tweak the kernel.printk line.
# Uncomment the following to stop low-level messages on console kernel.printk = 3 4 1 3
Display:
# sysctl kernel.printk kernel.printk = 7 4 1 7
The separators in the output are single tabs, btw.
Set. Here the separators are just spaces. Works as well.
# sysctl -w kernel.printk="3 4 1 3" kernel.printk = 3 4 1 3 # sysctl kernel.printk kernel.printk = 3 4 1 3
See man sysctl - "configure kernel parameters at runtime" for more. ...
https://superuser.com/questions/351387/how-to-stop-kernel-messages-from-floo...
When I set the printk bar to 3 4 1 3, the messages stopped because they weren't high enough priority. Lower number is higher priority. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
-
Bill Shirley -
stan