Hi all, Will I miss something critical if I will disable auditd on Fedora 22 by "systemctl disable auditd" ?
Regards, Kevin
On Fri, 19 Jun 2015 19:14:56 -0400 Sam Varshavchik wrote:
My totally unscientific assessment of auditd is that it's a massive syslog spammer, and won't be missed.
There are a few obscure questions you can answer about your system using auditd, but it is almost impossible to discover how to use it to find out the info even if you suspect it might be useful :-).
Personally, I also set audit=0 on the kernel command line to prevent anyone from even trying to talk to auditd.
On Fri, 19 Jun 2015 19:19:15 -0400 Tom Horsley horsley1953@gmail.com wrote:
On Fri, 19 Jun 2015 19:14:56 -0400 Sam Varshavchik wrote:
My totally unscientific assessment of auditd is that it's a massive syslog spammer, and won't be missed.
There are a few obscure questions you can answer about your system using auditd, but it is almost impossible to discover how to use it to find out the info even if you suspect it might be useful :-).
Personally, I also set audit=0 on the kernel command line to prevent anyone from even trying to talk to auditd.
I just removed auditd from the system using dnf erase auditd. We will see what happens, but no issue so far.
Oh, I removed libreport too, a while ago.
Ranjan
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Hi, Thanks Sam, Tom and Ranjan! Going further:
In /etc/selinux/config
I set SELINUX=disabled Which means that I do not use in fact SElinux, so it seems to me.
So will it be OK to run: rpm -e selinux-policy-targeted rpm -e selinux-policy
Regards, Kevin
On Sat, Jun 20, 2015 at 3:26 AM, Ranjan Maitra maitra.mbox.ignored@inbox.com wrote:
On Fri, 19 Jun 2015 19:19:15 -0400 Tom Horsley horsley1953@gmail.com wrote:
On Fri, 19 Jun 2015 19:14:56 -0400 Sam Varshavchik wrote:
My totally unscientific assessment of auditd is that it's a massive syslog spammer, and won't be missed.
There are a few obscure questions you can answer about your system using auditd, but it is almost impossible to discover how to use it to find out the info even if you suspect it might be useful :-).
Personally, I also set audit=0 on the kernel command line to prevent anyone from even trying to talk to auditd.
I just removed auditd from the system using dnf erase auditd. We will see what happens, but no issue so far.
Oh, I removed libreport too, a while ago.
Ranjan
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
-- Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses.
FREE 3D MARINE AQUARIUM SCREENSAVER - Watch dolphins, sharks & orcas on your desktop! Check it out at http://www.inbox.com/marineaquarium
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On Mon, Jun 22, 2015 at 08:01:41AM +0300, Kevin Wilson wrote:
In /etc/selinux/config
I set SELINUX=disabled Which means that I do not use in fact SElinux, so it seems to me.
It is recommended to keep it permissive instead of disabled.
So will it be OK to run: rpm -e selinux-policy-targeted rpm -e selinux-policy
I do not think this is possible. SELinux support is in the kernel, many applications expect the libraries to be there, eventhough it is disabled or set to permissive.
Hope this helps,
On 06/22/2015 03:44 AM, Suvayu Ali wrote:
On Mon, Jun 22, 2015 at 08:01:41AM +0300, Kevin Wilson wrote:
In /etc/selinux/config
I set SELINUX=disabled Which means that I do not use in fact SElinux, so it seems to me.
It is recommended to keep it permissive instead of disabled.
So will it be OK to run: rpm -e selinux-policy-targeted rpm -e selinux-policy
I do not think this is possible. SELinux support is in the kernel, many applications expect the libraries to be there, eventhough it is disabled or set to permissive.
Hope this helps,
If you disable SELinux on your system you can remove those two packages, you will not be able to remove libselinux.
Hi Daniel,
On 22 June 2015 at 15:41, Daniel J Walsh dwalsh@redhat.com wrote:
On 06/22/2015 03:44 AM, Suvayu Ali wrote:
On Mon, Jun 22, 2015 at 08:01:41AM +0300, Kevin Wilson wrote:
In /etc/selinux/config
I set SELINUX=disabled Which means that I do not use in fact SElinux, so it seems to me.
It is recommended to keep it permissive instead of disabled.
So will it be OK to run: rpm -e selinux-policy-targeted rpm -e selinux-policy
I do not think this is possible. SELinux support is in the kernel, many applications expect the libraries to be there, eventhough it is disabled or set to permissive.
Hope this helps,
If you disable SELinux on your system you can remove those two packages, you will not be able to remove libselinux.
Thanks a lot for correcting me. I did not know that.
Cheers,
Dan, Thanks a lot for your reply. In fact, I ran pm -e selinux-policy-targeted rpm -e selinux-policy And after reboot I got some message about freeze from systemd, I could not login (tried twice), so I reinstalled Linux on this machine. The question is: what do you mean by "If you disable SELinux".
Does that mean adding "selinux=0" on command line? Or is it enough to set, in /etc/selinux/config
SELINUX=disabled
(or maybe better is SELINUX=permissive, as Ali suggested ). Regards, Kevin
Hi,
One of the reasons I'm using Fedora is because the exceptional support for SELinux and auditd that so far - despite a known incompatibility with Docker + Btrfs - is working great.
Said that, kudos to everyone who makes SELinux integration such smooth.
On Tue, Jun 23, 2015 at 1:36 AM Kevin Wilson wkevils@gmail.com wrote:
Dan, Thanks a lot for your reply. In fact, I ran pm -e selinux-policy-targeted rpm -e selinux-policy And after reboot I got some message about freeze from systemd, I could not login (tried twice), so I reinstalled Linux on this machine. The question is: what do you mean by "If you disable SELinux".
Does that mean adding "selinux=0" on command line? Or is it enough to set, in /etc/selinux/config
SELINUX=disabled
(or maybe better is SELINUX=permissive, as Ali suggested ). Regards, Kevin
Yes, as Ali suggested in this particular use case the best approach would be to set SELINUX=permissive and reboot.
Regards, -Martín
On 06/23/2015 12:36 AM, Kevin Wilson wrote:
Dan, Thanks a lot for your reply. In fact, I ran pm -e selinux-policy-targeted rpm -e selinux-policy And after reboot I got some message about freeze from systemd, I could not login (tried twice), so I reinstalled Linux on this machine. The question is: what do you mean by "If you disable SELinux".
Does that mean adding "selinux=0" on command line? Or is it enough to set, in /etc/selinux/config
SELINUX=disabled
(or maybe better is SELINUX=permissive, as Ali suggested ). Regards, Kevin
Either will work, although I advise against it... :^)
-
Daniel J Walsh -
Kevin Wilson -
Martin Cigorraga -
Ranjan Maitra -
Sam Varshavchik -
Suvayu Ali -
Tom Horsley