Auditd hostname?
by lattimro from LinuxQuestions.org on (#6GH4C)
Hi Folks,
What is not properly defined on this fedora 39 for auditd to report these hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
Code:tail /var/log/audit/audit.log
type=LOGIN msg=audit(1700497234.187:297): pid=3389 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=975 tty=(none) old-ses=4294967295 ses=5 res=1UID="root" OLD-AUID="unset" AUID="lightdm"
type=USER_START msg=audit(1700497234.216:298): pid=3389 uid=0 auid=975 ses=5 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="lightdm"
type=SERVICE_START msg=audit(1700497235.164:299): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@975 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1700497235.223:300): pid=3383 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_unix,pam_systemd acct="lightdm" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=success'UID="root" AUID="unset"
type=BPF msg=audit(1700497238.774:301): prog-id=96 op=LOAD
type=SERVICE_START msg=audit(1700497239.111:302): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1700497269.315:303): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1700497269.319:304): prog-id=96 op=UNLOAD
type=SERVICE_STOP msg=audit(1700497291.358:305): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=geoclue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1700497365.362:306): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.3-org.freedesktop.problems@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"Thanks a lot!
What is not properly defined on this fedora 39 for auditd to report these hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
Code:tail /var/log/audit/audit.log
type=LOGIN msg=audit(1700497234.187:297): pid=3389 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=975 tty=(none) old-ses=4294967295 ses=5 res=1UID="root" OLD-AUID="unset" AUID="lightdm"
type=USER_START msg=audit(1700497234.216:298): pid=3389 uid=0 auid=975 ses=5 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="lightdm"
type=SERVICE_START msg=audit(1700497235.164:299): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@975 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1700497235.223:300): pid=3383 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_unix,pam_systemd acct="lightdm" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=success'UID="root" AUID="unset"
type=BPF msg=audit(1700497238.774:301): prog-id=96 op=LOAD
type=SERVICE_START msg=audit(1700497239.111:302): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1700497269.315:303): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1700497269.319:304): prog-id=96 op=UNLOAD
type=SERVICE_STOP msg=audit(1700497291.358:305): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=geoclue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1700497365.362:306): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.3-org.freedesktop.problems@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"Thanks a lot!