Problems with auditd
Paul Schmehl
pauls at utdallas.edu
Fri Dec 7 14:10:56 PST 2007
--On Friday, December 07, 2007 22:41:01 +0100 Peter Boosten
<peter at boosten.org> wrote:
> On Fri, December 7, 2007 22:06, Paul Schmehl wrote:
>> I upgraded my system from 6.0 RELEASE to 6.2 RELEASE by cvsupping the
>> files and then running buildkernel/buildworld as usual. Since doing
>> that, auditd will not run, even though I have auditd_enable="YES" in
>> /etc/rc.conf. I've
>> been reading online posts about auditd and auditing (as well as the man
>> pages) but I haven't found what the problem is.
>>
>> If I run audit -s, I get this:
>> root at utd59514# audit -s Error sending trigger: Function not implemented
>>
>>
>
> Did you compile the audit option into the kernel?
>
> options AUDIT
>
> Peter
Apparently not. I compiled the GENERIC kernel, and it does not appear to
have that option. Strange. You would think, if the system is going to
install the daemon, it would have that option in the GENERIC kernel. :-(
--
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
More information about the freebsd-questions
mailing list