© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
The latest audit messages are actually not present in /var/log/messages or /var/log/daemon.
They do however show up when running dmesg.
root@thosjo-lab:~# grep audit /var/log/messages /var/log/
0
root@thosjo-lab:~# dmesg|grep audit| wc -l
646
root@thosjo-lab:~# dmesg|grep audit | tail -n5
[28191.924373] type=1502 audit(122521274
[28196.924211] type=1502 audit(122521275
[28196.924383] type=1502 audit(122521275
[28201.924204] type=1502 audit(122521275
[28201.924391] type=1502 audit(122521275
root@thosjo-lab:~# aa-logprof
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
sys----
root@thosjo-lab:~# zgrep audit /var/log/* | tail -n 5
/var/log/
/var/log/
/var/log/
/var/log/
/var/log/
root@thosjo-lab:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.10
Release: 8.10
Codename: intrepid
root@thosjo-lab:~# uname -a && dpkg -l |grep apparmor
Linux thosjo-lab 2.6.27-7-generic #1 SMP Fri Oct 24 06:42:44 UTC 2008 i686 GNU/Linux
ii apparmor 2.3+1289-0ubuntu4 User-space parser utility for AppArmor
ii apparmor-utils 2.3+1289-0ubuntu4 Utilities for controlling AppArmor
ii libapparmor-perl 2.3+1289-0ubuntu4 AppArmor library Perl bindings
ii libapparmor1 2.3+1289-0ubuntu4 changehat AppArmor library
root@thosjo-lab:~# aa-status
apparmor module is loaded.
10 profiles are loaded.
3 profiles are in enforce mode.
/usr/
/usr/
/usr/sbin/cupsd
7 profiles are in complain mode.
/usr/sbin/ntpd
/usr/sbin/acpid
/sbin/syslogd
/usr/
/sbin/dhclient3
/sbin/
/usr/
8 processes have profiles defined.
0 processes are in enforce mode :
8 processes are in complain mode.
/usr/
/usr/sbin/ntpd (5375)
/sbin/
/usr/sbin/ntpd (5376)
null-
/sbin/dhclient3 (5221)
/usr/sbin/acpid (4349)
/sbin/syslogd (4468)
0 processes are unconfined but have a profile defined.