Date: Fri, 07 Dec 2007 16:10:54 -0600 From: Paul Schmehl <pauls@utdallas.edu> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Problems with auditd Message-ID: <0C62124225962A54433BE453@utd59514.utdallas.edu> In-Reply-To: <1150.192.168.13.35.1197063661.squirrel@www.boosten.org> References: <1DD9ABE123D4CF6F937ADD62@utd59514.utdallas.edu> <1150.192.168.13.35.1197063661.squirrel@www.boosten.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--On Friday, December 07, 2007 22:41:01 +0100 Peter Boosten <peter@boosten.org> wrote: > On Fri, December 7, 2007 22:06, Paul Schmehl wrote: >> I upgraded my system from 6.0 RELEASE to 6.2 RELEASE by cvsupping the >> files and then running buildkernel/buildworld as usual. Since doing >> that, auditd will not run, even though I have auditd_enable="YES" in >> /etc/rc.conf. I've >> been reading online posts about auditd and auditing (as well as the man >> pages) but I haven't found what the problem is. >> >> If I run audit -s, I get this: >> root@utd59514# audit -s Error sending trigger: Function not implemented >> >> > > Did you compile the audit option into the kernel? > > options AUDIT > > Peter Apparently not. I compiled the GENERIC kernel, and it does not appear to have that option. Strange. You would think, if the system is going to install the daemon, it would have that option in the GENERIC kernel. :-( -- Paul Schmehl (pauls@utdallas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0C62124225962A54433BE453>