Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenSuSE 11.3 and AppArmor



Charlie Bennett wrote:
> man auditd
> man auditd.conf
> man audit.rules

Thanks for the tip...basically the bottom line is:

1) Open /boot/grub/menu.lst with your favorite editor
2) Add 'apparmor=0' to the default kernel's list of parameters
3) Reboot

You'll never see an annoying AppArmor-related syslog entry again.  The safer
alternative (for me) is this:

1) chkconfig auditd on
2) service auditd start

The stock distro includes an audit.rules which suppress the particular
messages I was seeing from login/su/sshd et al.  Hence if auditd is running
(as it is in a stock distro), it picks up these messages from kauditd and
tosses them out.  If auditd is not running, kauditd sends them to syslog which
is how I was seeing them.

My server-build procedure involves turning off all background daemons that we
aren't explicitly using.  Until now we've never had a reason to use auditd. 
That's why I'm noticing the problem (of an increase in verbosity) for the
first time with 11.3.

Thanks for the help!

-rich







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org