Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 6:01 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 
Author Message
 Post subject: Audit Scheduling
PostPosted: Wed Mar 24, 2010 5:06 am 
Offline
Newbie

Joined: Wed Mar 24, 2010 4:45 am
Posts: 2
I recently updated to version 09.12.23 on Centos using SVN. I decided to try using the scheduled audits. I can create a config, but when I try to do a run now I get an error "Failed to run: Audits (127)".
I also can't start the scheduling service. It says "Unable to start the Web-Schedule service".
The only errors I see are in /var/log/messages:
Mar 23 12:21:19 OpAud kernel: audit(1269364879.707:269): avc: denied { getattr } for pid=20698 comm="sh" name="ls" dev=dm-0 ino=130898 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file
Mar 23 12:21:19 OpAud kernel: audit(1269364879.755:270): avc: denied { read write } for pid=20700 comm="audit" name="[eventpoll]" dev=anon_inodefs ino=263 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
Mar 23 12:21:19 OpAud kernel: audit(1269364879.810:271): avc: denied { execstack } for pid=20700 comm="audit" scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=process

I'm wondering if I'm missing some of the required perl modules. Can anyone help me?


Top
 Profile  
Reply with quote  
 Post subject: Re: Audit Scheduling
PostPosted: Thu Mar 25, 2010 4:45 am 
Offline
Newbie

Joined: Thu Mar 25, 2010 4:38 am
Posts: 2
Can't help ya.. my first installation of open-audit .. but I'm waiting to see the reply.
Here's my 2cents:
I just did a new install of 09.12.23 on CentOS, and created an audit - but I get "Failed To Run <name> (126)"
I also get "Unable to start the Web-Schedule service"

But, auditing windows pc via the web interface works very nicely.


Top
 Profile  
Reply with quote  
 Post subject: Re: Audit Scheduling
PostPosted: Fri Mar 26, 2010 1:20 am 
Offline
Newbie

Joined: Wed Mar 24, 2010 4:45 am
Posts: 2
After finding some notes from the author of the scheduled scan, I tried renaming /var/www/html/scripts/audit so that audit.pl would run. The scheduling service starts and the run now runs, but it finishes in 2 seconds and doesn't appear to do anything. Still getting lost of "denied" messages in /var/log/messages.

Mar 25 10:18:53 OpAud kernel: audit(1269530333.710:14761): avc: denied { read write } for pid=19543 comm="audit.pl" name="[eventpoll]" dev=anon_inodefs ino=263 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
Mar 25 10:18:53 OpAud kernel: audit(1269530333.721:14762): avc: denied { ioctl } for pid=19543 comm="audit.pl" name="error_log" dev=dm-0 ino=66586 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file


Top
 Profile  
Reply with quote  
 Post subject: Re: Audit Scheduling
PostPosted: Tue Jun 22, 2010 12:56 am 
Offline
Newbie
User avatar

Joined: Mon Jun 21, 2010 11:39 pm
Posts: 13
Location: Iowa, USA
I haven't tried the audit scheduling from OA, but I have had the problem where the script only runs for a couple seconds when using the Task Scheduler in WinXP. When this happens I have to download the audit script again and typically it runs properly after re-downloading.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group