Open-AudIT https://www.open-audit.org/phpBB3/ |
|
Audit Scheduling https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=3585 |
Page 1 of 1 |
Author: | OGUser [ Wed Mar 24, 2010 5:06 am ] |
Post subject: | Audit Scheduling |
I recently updated to version 09.12.23 on Centos using SVN. I decided to try using the scheduled audits. I can create a config, but when I try to do a run now I get an error "Failed to run: Audits (127)". I also can't start the scheduling service. It says "Unable to start the Web-Schedule service". The only errors I see are in /var/log/messages: Mar 23 12:21:19 OpAud kernel: audit(1269364879.707:269): avc: denied { getattr } for pid=20698 comm="sh" name="ls" dev=dm-0 ino=130898 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file Mar 23 12:21:19 OpAud kernel: audit(1269364879.755:270): avc: denied { read write } for pid=20700 comm="audit" name="[eventpoll]" dev=anon_inodefs ino=263 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file Mar 23 12:21:19 OpAud kernel: audit(1269364879.810:271): avc: denied { execstack } for pid=20700 comm="audit" scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=process I'm wondering if I'm missing some of the required perl modules. Can anyone help me? |
Author: | Redneck_Andy [ Thu Mar 25, 2010 4:45 am ] |
Post subject: | Re: Audit Scheduling |
Can't help ya.. my first installation of open-audit .. but I'm waiting to see the reply. Here's my 2cents: I just did a new install of 09.12.23 on CentOS, and created an audit - but I get "Failed To Run <name> (126)" I also get "Unable to start the Web-Schedule service" But, auditing windows pc via the web interface works very nicely. |
Author: | OGUser [ Fri Mar 26, 2010 1:20 am ] |
Post subject: | Re: Audit Scheduling |
After finding some notes from the author of the scheduled scan, I tried renaming /var/www/html/scripts/audit so that audit.pl would run. The scheduling service starts and the run now runs, but it finishes in 2 seconds and doesn't appear to do anything. Still getting lost of "denied" messages in /var/log/messages. Mar 25 10:18:53 OpAud kernel: audit(1269530333.710:14761): avc: denied { read write } for pid=19543 comm="audit.pl" name="[eventpoll]" dev=anon_inodefs ino=263 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file Mar 25 10:18:53 OpAud kernel: audit(1269530333.721:14762): avc: denied { ioctl } for pid=19543 comm="audit.pl" name="error_log" dev=dm-0 ino=66586 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file |
Author: | ii Candor ii [ Tue Jun 22, 2010 12:56 am ] |
Post subject: | Re: Audit Scheduling |
I haven't tried the audit scheduling from OA, but I have had the problem where the script only runs for a couple seconds when using the Task Scheduler in WinXP. When this happens I have to download the audit script again and typically it runs properly after re-downloading. |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |