How to exclude crond from audit logs
Issue
- How do you disable
PAM
relatedcrond
messages from logging to the/var/log/audit/audit.log
file?
type=USER_ACCT msg=audit(1336941301.016:10008): user pid=27266 uid=0 auid=4294967295 msg='PAM: accounting acct="root" :
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1336941301.016:10009): user pid=27266 uid=0 auid=4294967295 msg='PAM: setcred acct="root" :
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=LOGIN msg=audit(1336941301.016:10010): login pid=27266 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1542
type=USER_START msg=audit(1336941301.046:10011): user pid=27266 uid=0 auid=0 msg='PAM: session open acct="root" :
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_DISP msg=audit(1336941301.076:10012): user pid=27266 uid=0 auid=0 msg='PAM: setcred acct="root" :
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=USER_END msg=audit(1336941301.076:10013): user pid=27266 uid=0 auid=0 msg='PAM: session close acct="root" :
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
Environment
- Red Hat Enterprise Linux
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.