Bug 19797

Summary: Logs flooded by audit messages (pam messages)
Product: Mageia
Reporter: Anne Nicolas <ennael1>
Component: RPM Packages
Assignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
CC: shlomif, tmb
Version: Cauldron
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: audit?
CVE:
Status comment:

Description Anne Nicolas 2016-11-15 23:11:33 CET
Using Cauldron on a daily basis, all is OK except the logs, which are flooded by audit such as:

[ 1373.047621] audit: type=1105 audit(1479247844.983:706): pid=5665 uid=0 auid=1000 ses=3 msg='op=PAM:session_open grantors=pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=pts/1 res=success'

It seems pam_tty_audit is enabled, and I have not found for now where to disable it.

Comment 1 Rémi Verschelde 2016-11-15 23:13:05 CET
Not sure yet if the issue is with audit itself or something that triggers it, so assigning to all packagers and CC'ing audit maintainer.

CC: (none) => shlomif
Assignee: bugsquad => pkg-bugs
Source RPM: (none) => audit?

Comment 2 Thomas Backlund 2016-11-16 09:13:11 CET
iirc it's systemd that started triggering all these audit logs, with the "if it's there, use it" mantra... and "if you don't like it, boot with audit=0"

CC: (none) => tmb

Comment 3 Anne Nicolas 2016-12-01 08:54:57 CET
What about using audit=0 by default in our installation? Then if needed it should be removed. I'm not sure it's that useful for standard users. WDYT?

Comment 4 Rémi Verschelde 2016-12-01 08:57:25 CET
I'm all for it, my dmesg is so spammed by stuff like this that it's unreadable:

[  958.759708] audit: type=1105 audit(1480573902.862:166): pid=30050 uid=1000 auid=1000 ses=3 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/pkexec" hostname=? addr=? terminal=? res=success'
[ 4266.829639] audit_printk_skb: 6 callbacks suppressed
[ 4266.829642] audit: type=1130 audit(1480577210.699:169): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Comment 5 Anne Nicolas 2017-01-06 16:36:41 CET
fix in commit 1ea7c5a1099fb73823cf4fea7e46328945fa4f81 
add audit=0 in cmdline

diff --git a/images/grub2.config b/images/grub2.config
index 3637236..c6db07f 100644
--- a/images/grub2.config
+++ b/images/grub2.config
@@ -23,7 +23,7 @@ set timeout=10
 search --no-floppy --set=root -l 'Mageia-6-x86_64-netinstall'
 
 menuentry 'Start Mageia 6 (Cauldron) Install' {
-        linux /isolinux/x86_64/vmlinuz quiet noiswmd
+        linux /isolinux/x86_64/vmlinuz audit=0 quiet noiswmd
         initrd /isolinux/x86_64/all.rdz
 }
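
Review bot: `audit=0` on the `linux /isolinux/x86_64/vmlinuz` line turns the kernel audit subsystem off for the whole boot, so the PAM session and service-start records quoted in this report are no longer produced at all rather than only kept out of dmesg; the commit message "add audit=0 in cmdline" should state that trade-off. The hunk touches only the 'Start Mageia 6 (Cauldron) Install' entry of images/grub2.config, so any other boot entries or bootloader configs for the same image need the same parameter to behave consistently, and the default for installed systems proposed in comment 3 is not covered by this change.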

Status: NEW => RESOLVED
Resolution: (none) => FIXED
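
A triage sketch for the flood described in this report, added here and not part of the bug thread or of Mageia's code: it groups `audit:` lines from the kernel log by record type, operation and executable, so the noisy sources are visible before auditing is switched off. The function names are illustrative, and the sample input is the set of lines quoted in the description and comment 4.

```python
import re
from collections import Counter

# Names of the two record types quoted in the report (values from linux/audit.h).
TYPE_NAMES = {1105: "USER_START", 1130: "SERVICE_START"}
RECORD = re.compile(r"^\[\s*\d+\.\d+\] audit: type=(?P<type>\d+) "
                    r"audit\(\d+\.\d+:(?P<serial>\d+)\): (?P<body>.*)$")
SUPPRESSED = re.compile(r"audit_printk_skb: (\d+) callbacks suppressed")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Sample input: the kernel-log lines quoted in the description and comment 4.
SAMPLE = """\
[ 1373.047621] audit: type=1105 audit(1479247844.983:706): pid=5665 uid=0 auid=1000 ses=3 msg='op=PAM:session_open grantors=pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=pts/1 res=success'
[  958.759708] audit: type=1105 audit(1480573902.862:166): pid=30050 uid=1000 auid=1000 ses=3 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/pkexec" hostname=? addr=? terminal=? res=success'
[ 4266.829639] audit_printk_skb: 6 callbacks suppressed
[ 4266.829642] audit: type=1130 audit(1480577210.699:169): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
"""


def parse_record(line):
    """Return the fields of one 'audit:' kernel-log line as a dict, else None."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    # User-space records wrap their payload in msg='...'; merge it with the header fields.
    inner = re.search(r"msg='(.*)'", body)
    text = body if inner is None else body[:inner.start()] + inner.group(1)
    rec = {key: value.strip('"') for key, value in FIELD.findall(text)}
    rec["type"] = int(m.group("type"))
    rec["serial"] = int(m.group("serial"))
    return rec


def summarize(lines):
    """Count records per (type, op or unit, exe) and sum rate-limited callbacks."""
    counts, suppressed = Counter(), 0
    for line in lines:
        hit = SUPPRESSED.search(line)
        if hit:
            suppressed += int(hit.group(1))
        elif (rec := parse_record(line)) is not None:
            name = TYPE_NAMES.get(rec["type"], str(rec["type"]))
            what = rec.get("op") or rec.get("unit") or "?"
            counts[(name, what, rec.get("exe", "?"))] += 1
    return counts, suppressed


if __name__ == "__main__":
    counts, suppressed = summarize(SAMPLE.splitlines())
    for key, n in counts.most_common():
        print(n, *key)
    print("suppressed callbacks:", suppressed)
```

On a live system the same functions can be fed the output of `dmesg` line by line; the "callbacks suppressed" total shows how many records the kernel rate limiter already dropped from the log.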