[Others] After updating the system to 20.2.1, "audit: type=1131 audit" log messages keep appearing
shumkimman
deepin
2021-05-20 01:26
Author

After updating the system to 20.2.1, "audit: type=1131 audit" log messages keep appearing

dmesg

 

[  374.269562] audit: type=1131 audit(1621416285.672:290): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

[  384.485703] audit: type=1130 audit(1621416295.885:291): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

[  384.485708] audit: type=1131 audit(1621416295.885:292): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

[  384.486881] audit: type=1130 audit(1621416295.885:293): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

[  384.514022] audit: type=1131 audit(1621416295.913:294): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

[  392.570713] audit: type=1131 audit(1621416303.969:295): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=systemd-timedated comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

[  392.616118] audit: type=1334 audit(1621416304.017:296): prog-id=14 op=UNLOAD

[  392.616129] audit: type=1334 audit(1621416304.017:297): prog-id=13 op=UNLOAD

[  394.736221] audit: type=1130 audit(1621416306.137:298): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

[  394.736226] audit: type=1131 audit(1621416306.137:299): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

[  394.737358] audit: type=1130 audit(1621416306.137:300): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

[  394.762195] audit: type=1131 audit(1621416306.161:301): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

[  404.985911] audit: type=1130 audit(1621416316.386:302): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

[  404.985917] audit: type=1131 audit(1621416316.386:303): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

[  404.987079] audit: type=1130 audit(1621416316.386:304): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

[  404.999497] audit: type=1131 audit(1621416316.398:305): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

 

All Replies
wtz
deepin
2021-05-20 03:48
#1

I had no idea until I looked, and it gave me a fright...

Is this going to blow up the journal directory?

 

Make do with this command for now:

sudo systemctl mask systemd-journald-audit.socket

The real fix probably still means tracking down the processes that fail frequently (such as deepin-elf-verify).

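Reply #1 suggests tracking down the units that fail repeatedly. As an added example (not posted by anyone in this thread), the Python below parses dmesg audit records in the format shown in the opening post and counts SERVICE_STOP (type 1131) records with res=failed per systemd unit. The function names `parse` and `failing_units` are illustrative; the type names come from linux/audit.h.

```python
import re
from collections import Counter

# Record types that appear in the post (names from linux/audit.h).
TYPES = {1130: "SERVICE_START", 1131: "SERVICE_STOP", 1334: "BPF"}

RECORD = re.compile(r"audit: type=(\d+) audit\((\d+\.\d+):(\d+)\): (.*)")
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

# Five lines copied from the dmesg output in the opening post.
SAMPLE = """\
[  374.269562] audit: type=1131 audit(1621416285.672:290): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
[  384.485703] audit: type=1130 audit(1621416295.885:291): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  384.485708] audit: type=1131 audit(1621416295.885:292): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  384.514022] audit: type=1131 audit(1621416295.913:294): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=deepin-anything-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
[  392.616118] audit: type=1334 audit(1621416304.017:296): prog-id=14 op=UNLOAD
"""

def parse(line):
    """Return a dict for one audit record, or None if the line is not one."""
    m = RECORD.search(line)
    if not m:
        return None
    rtype = int(m.group(1))
    rec = {"type": rtype, "name": TYPES.get(rtype, "UNKNOWN"),
           "time": float(m.group(2)), "serial": int(m.group(3))}
    body = m.group(4)
    # Fields inside msg='...' come from the userspace sender (here systemd);
    # records without msg= (e.g. BPF) carry their fields directly in the body.
    inner = re.search(r"msg='([^']*)'", body)
    for key, value in FIELD.findall(inner.group(1) if inner else body):
        rec[key] = value.strip('"')
    return rec

def failing_units(lines):
    """Count SERVICE_STOP records with res=failed, keyed by systemd unit."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["type"] == 1131 and rec.get("res") == "failed":
            counts[rec.get("unit", "?")] += 1
    return counts

if __name__ == "__main__":
    for unit, n in failing_units(SAMPLE.splitlines()).most_common():
        print(f"{unit}: {n} failed stops")
```

To run it on a live system, feed it the lines of `dmesg` output instead of `SAMPLE`.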
Wootifer
deepin
2021-05-20 05:45
#2

It really is.

qq8645
deepin
2021-05-20 20:14
#3

I have this problem too; no idea what deepin changed.

(Search this forum for "滚动", i.e. "rolling".)

guanguan2228
deepin
2021-05-21 08:29
#4

deepin's kernel configuration does not turn this audit mode off. You can try installing my customized 5.11.22 kernel; the files are in a post I made.

xexz
deepin
2021-06-23 21:16
#5

auditd is not running.

sudo apt install auditd

 
