Is process accounting version 3 available in RHEL kernel?

Issue

The following information has been provided by Red Hat, but is outside the scope of the posted Service Level Agreements and support procedures. The information is provided as-is and any configuration settings or installed applications made from the information in this article could make the Operating System unsupported by Red Hat Global Support Services. The intent of this article is to provide information to accomplish the system's needs. Use of the information in this article is at the user's own risk.

  • Which version of Red Hat Enterprise Linux has process accounting (pacct) record version 3 (CONFIG_BSD_PROCESS_ACCT_V3) enabled? It includes the PID and PPID for auditing.

Environment

  • Red Hat Enterprise Linux 5

Resolution

By default, CONFIG_BSD_PROCESS_ACCT_V3 is disabled in RHEL 5 kernels. To enable it, add it to the kernel config file and rebuild the kernel.

Note that Red Hat will not support such customized kernels.

To build a custom kernel, first download the source rpm from RHN (http://rhn.redhat.com/). The steps to rebuild the kernel follow.

1) Install the source rpm and apply the patches to the original kernel source

# rpm -ivh kernel-2.6.x-x.src.rpm
# cd /usr/src/redhat/SPECS
# rpmbuild -bp --target=i686 kernel.spec

The above steps will unpack and patch the kernel source in the /usr/src/redhat/BUILD/ directory.

2) Move to the directory to rebuild kernel.

# cd /usr/src/redhat/BUILD/kernel-2.6.x/linux-2.6.x

3) Build the kernel

# make modules && make bzImage && make modules_install && make install

This compiles the modules and a bootable kernel image. If nothing goes wrong, it installs the modules into the /lib/modules/2.6.x../ directory and installs the kernel image, with related files, into the /boot directory. However, this process can cause problems when the file system has limited space, because a kernel built with these commands produces much bigger files than Red Hat's. This happens because Red Hat's kernel has some unnecessary information stripped from it.

4) Alternative to step 3: build the kernel with the INSTALL_MOD_STRIP option turned on.

# make modules && make bzImage && make INSTALL_MOD_STRIP=1 modules_install && make INSTALL_MOD_STRIP=1 install

Root Cause

Process accounting version 3 breaks the kernel's ABI for the accounting file format in RHEL 5, so this sort of change is restricted to major RHEL releases.
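What the format change means for a tool that reads the accounting file, and where the PID and PPID sit in a version 3 record, is shown in the following added example; it is not code from this article or from Red Hat. It decodes records using the struct acct_v3 layout from the kernel's include/linux/acct.h, refuses any record whose version byte is not 3, and runs on two constructed sample records (the helper make_record and all sample values are assumptions).

```python
import struct

ACCT_BYTEORDER = 0x80            # flag bit in ac_version on big-endian kernels
V3_LAYOUT = "BBHIIIIIIf8H16s"    # struct acct_v3 as seen from user space
RECORD_SIZE = struct.calcsize("<" + V3_LAYOUT)   # 64 bytes
FIELDS = ("flag", "version", "tty", "exitcode", "uid", "gid", "pid", "ppid",
          "btime", "etime", "utime", "stime", "mem", "io", "rw",
          "minflt", "majflt", "swaps", "comm")
COMP_FIELDS = FIELDS[10:18]      # the eight comp_t counters


def comp_t(c):
    """Decode comp_t: 13-bit mantissa with a 3-bit base-8 exponent."""
    return (c & 0x1FFF) << (3 * (c >> 13))


def parse_v3(data):
    """Return one dict per acct_v3 record; refuse any other record version."""
    if len(data) % RECORD_SIZE:
        raise ValueError("truncated accounting file")
    records = []
    for off in range(0, len(data), RECORD_SIZE):
        rec = data[off:off + RECORD_SIZE]
        version = rec[1]
        if version & 0x7F != 3:
            raise ValueError("offset %d: record version %d, expected 3"
                             % (off, version & 0x7F))
        endian = ">" if version & ACCT_BYTEORDER else "<"
        row = dict(zip(FIELDS, struct.unpack(endian + V3_LAYOUT, rec)))
        for name in COMP_FIELDS:
            row[name] = comp_t(row[name])
        row["comm"] = row["comm"].split(b"\0", 1)[0].decode("ascii", "replace")
        records.append(row)
    return records


def make_record(pid, ppid, comm, version=3):
    """Build a constructed little-endian record for the demo (not real data)."""
    return struct.pack("<" + V3_LAYOUT, 0, version, 0, 0, 500, 500, pid, ppid,
                       1200000000, 1.5, 0x2001, 0, 0, 0, 0, 0, 0, 0, comm)


# Constructed sample: records are written at exit, so the child comes first.
SAMPLE = make_record(4101, 4100, b"ls") + make_record(4100, 4000, b"bash")

if __name__ == "__main__":
    for r in parse_v3(SAMPLE):
        print("%-8s pid=%d ppid=%d uid=%d utime=%d ticks"
              % (r["comm"], r["pid"], r["ppid"], r["uid"], r["utime"]))
```

Checking the version byte before decoding is what keeps an audit script from silently misreading a file written by a kernel built without CONFIG_BSD_PROCESS_ACCT_V3.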

Comment

The RHEL 6 kernel is shipped with CONFIG_BSD_PROCESS_ACCT_V3=y.
https://bugzilla.redhat.com/show_bug.cgi?id=224096
