Open-AudIT
http://www.open-audit.org/phpBB3/

Audit Scheduling
http://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=3585

Author:  OGUser [ Wed Mar 24, 2010 5:06 am ]
Post subject:  Audit Scheduling

I recently updated to version 09.12.23 on CentOS using SVN. I decided to try using the scheduled audits. I can create a config, but when I try to do a run now I get an error "Failed to run: Audits (127)".
I also can't start the scheduling service. It says "Unable to start the Web-Schedule service".
The only errors I see are in /var/log/messages:
Mar 23 12:21:19 OpAud kernel: audit(1269364879.707:269): avc: denied { getattr } for pid=20698 comm="sh" name="ls" dev=dm-0 ino=130898 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file
Mar 23 12:21:19 OpAud kernel: audit(1269364879.755:270): avc: denied { read write } for pid=20700 comm="audit" name="[eventpoll]" dev=anon_inodefs ino=263 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
Mar 23 12:21:19 OpAud kernel: audit(1269364879.810:271): avc: denied { execstack } for pid=20700 comm="audit" scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=process

I'm wondering if I'm missing some of the required Perl modules. Can anyone help me?

Author:  Redneck_Andy [ Thu Mar 25, 2010 4:45 am ]
Post subject:  Re: Audit Scheduling

Can't help ya.. my first installation of open-audit .. but I'm waiting to see the reply.
Here's my 2 cents:
I just did a new install of 09.12.23 on CentOS, and created an audit - but I get "Failed To Run <name> (126)"
I also get "Unable to start the Web-Schedule service"

But auditing Windows PCs via the web interface works very nicely.

Author:  OGUser [ Fri Mar 26, 2010 1:20 am ]
Post subject:  Re: Audit Scheduling

After finding some notes from the author of the scheduled scan, I tried renaming /var/www/html/scripts/audit so that audit.pl would run. The scheduling service starts and the run now runs, but it finishes in 2 seconds and doesn't appear to do anything. Still getting lots of "denied" messages in /var/log/messages.

Mar 25 10:18:53 OpAud kernel: audit(1269530333.710:14761): avc: denied { read write } for pid=19543 comm="audit.pl" name="[eventpoll]" dev=anon_inodefs ino=263 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
Mar 25 10:18:53 OpAud kernel: audit(1269530333.721:14762): avc: denied { ioctl } for pid=19543 comm="audit.pl" name="error_log" dev=dm-0 ino=66586 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
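
Added example, not part of the original posts and not Open-AudIT code: a small Python parser that groups the AVC denial records quoted in this thread by source type, target type, object class and permission, so it is visible which SELinux domain was denied what. The function names are my own; the sample lines are copied from the posts above.

```python
import re
from collections import Counter

# AVC records copied from the posts in this thread (syslog prefix kept).
SAMPLE = """\
Mar 23 12:21:19 OpAud kernel: audit(1269364879.707:269): avc: denied { getattr } for pid=20698 comm="sh" name="ls" dev=dm-0 ino=130898 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file
Mar 23 12:21:19 OpAud kernel: audit(1269364879.755:270): avc: denied { read write } for pid=20700 comm="audit" name="[eventpoll]" dev=anon_inodefs ino=263 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
Mar 23 12:21:19 OpAud kernel: audit(1269364879.810:271): avc: denied { execstack } for pid=20700 comm="audit" scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=process
Mar 25 10:18:53 OpAud kernel: audit(1269530333.710:14761): avc: denied { read write } for pid=19543 comm="audit.pl" name="[eventpoll]" dev=anon_inodefs ino=263 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
Mar 25 10:18:53 OpAud kernel: audit(1269530333.721:14762): avc: denied { ioctl } for pid=19543 comm="audit.pl" name="error_log" dev=dm-0 ino=66586 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    # Contexts are user:role:type:level; the type (3rd field) is what
    # type-enforcement rules are written against.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":")
        if len(parts) < 3:
            return None  # malformed or truncated record
        rec[key.replace("context", "type")] = parts[2]
    rec["perms"] = m.group("perms").split()
    return rec


def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec["perms"]:
            key = (rec["stype"], rec["ttype"], rec.get("tclass", "?"), perm)
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perm), n in sorted(summarize(SAMPLE).items()):
        print(f"{n}x {src} -> {tgt}:{cls} {{ {perm} }}")
```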

Author:  ii Candor ii [ Tue Jun 22, 2010 12:56 am ]
Post subject:  Re: Audit Scheduling

I haven't tried the audit scheduling from OA, but I have had the problem where the script only runs for a couple seconds when using the Task Scheduler in WinXP. When this happens I have to download the audit script again and typically it runs properly after re-downloading.

All times are UTC + 10 hours