audit ログから crond を除外する

Solution Verified - Updated -

Issue

  • /var/log/audit/audit.log を満たす PAM 関連の余分な crond メッセージをすべて無効にするにはどうしたら良いですか?

  • Auditd ログでは、cron がジョブを実行するたびに、最低 6 つのイベントの audit.log が記録されます。以下は、5 分ごとに sar を設定した場合に発生した場合の例です。

    type=USER_ACCT msg=audit(1336941301.016:10008): user pid=27266 uid=0 auid=4294967295 msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1336941301.016:10009): user pid=27266 uid=0 auid=4294967295 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=LOGIN msg=audit(1336941301.016:10010): login pid=27266 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1542
type=USER_START msg=audit(1336941301.046:10011): user pid=27266 uid=0 auid=0 msg='PAM: session open acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_DISP msg=audit(1336941301.076:10012): user pid=27266 uid=0 auid=0 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=USER_END msg=audit(1336941301.076:10013): user pid=27266 uid=0 auid=0 msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.