OpenSuSE 11.3 and AppArmor
Rich Braun
richb-RBmg6HWzfGThzJAekONQAQ at public.gmane.org
Sat Aug 21 12:06:27 EDT 2010
Charlie Bennett wrote:
> man auditd
> man auditd.conf
> man audit.rules
Thanks for the tip...basically the bottom line is:
1) Open /boot/grub/menu.lst with your favorite editor
2) Add 'apparmor=0' to the default kernel's list of parameters
3) Reboot
You'll never see an annoying AppArmor-related syslog entry again. The safer
alternative (for me) is this:
1) chkconfig auditd on
2) service auditd start
The stock distro includes an audit.rules which suppress the particular
messages I was seeing from login/su/sshd et al. Hence if auditd is running
(as it is in a stock distro), it picks up these messages from kauditd and
tosses them out. If auditd is not running, kauditd sends them to syslog which
is how I was seeing them.
My server-build procedure involves turning off all background daemons that we
aren't explicitly using. Until now we've never had a reason to use auditd.
That's why I'm noticing the problem (of an increase in verbosity) for the
first time with 11.3.
Thanks for the help!
-rich
More information about the Discuss
mailing list