[grsec] Slew of chdir messages - why?

Brad Spengler spender at grsecurity.net
Thu Dec 30 10:05:01 EST 2004


On Wed, Dec 29, 2004 at 08:59:42PM +0000, John Logsdon wrote:
> I am running grsec2.0.2 CVS'ed on 21st Dec at about 1400 GMT.  The box is
> Fedora Core 2. I get a continuous slew of messages in /var/log/messages:
> 
> Dec 29 20:48:00 unix kernel: grsec: chdir to /root by
> /usr/sbin/crond[crond:19046] uid/euid:0/0 gid/egid:0/0, parent
> /usr/sbin/crond[crond:3401] uid/euid:0/0 gid/egid:0/0
> 
> There have been about 18000 such messages since Sunday at 4pm, all to do
> with chdir.   grsec has been disabled and has never been enabled in this
> kernel.  The only thing that has been done is to re-process some older
> learning logs.

Your config says grsec is enabled, as well as GRKERNSEC_AUDIT_CHDIR, 
which is the feature generating these logs.

-Brad
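An added example, not part of the original thread: one way to triage such a flood is to group the chdir audit lines by directory, binary and parent, and to check a kernel `.config` for the two options named in the reply. The log lines and config text below are constructed in the format quoted above; the `CONFIG_` prefix is the usual kernel `.config` convention, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample syslog input, in the format quoted in the post.
SAMPLE_LOG = """\
Dec 29 20:48:00 unix kernel: grsec: chdir to /root by /usr/sbin/crond[crond:19046] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:3401] uid/euid:0/0 gid/egid:0/0
Dec 29 20:49:00 unix kernel: grsec: chdir to /root by /usr/sbin/crond[crond:19051] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:3401] uid/euid:0/0 gid/egid:0/0
Dec 29 20:49:02 unix kernel: grsec: chdir to /var/spool/mail by /usr/bin/procmail[procmail:19060] uid/euid:500/500 gid/egid:500/500, parent /usr/sbin/sendmail[sendmail:19058] uid/euid:0/0 gid/egid:0/0
Dec 29 20:49:05 unix kernel: eth0: link up
"""

# Constructed sample kernel .config fragment.
SAMPLE_CONFIG = """\
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_AUDIT_CHDIR=y
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
"""

CHDIR_RE = re.compile(
    r"grsec: chdir to (?P<dir>.+?) by (?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:\d+/\d+, "
    r"parent (?P<pexe>\S+)\[[^:\]]+:(?P<ppid>\d+)\]"
)

def parse_chdir(line):
    """Return the fields of one grsec chdir audit line, or None if it is not one."""
    m = CHDIR_RE.search(line)
    return m.groupdict() if m else None

def summarize(log_text):
    """Count chdir audit events per (directory, binary, parent binary)."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_chdir(line)
        if ev:
            counts[(ev["dir"], ev["exe"], ev["pexe"])] += 1
    return counts

def enabled_options(config_text, names=("GRKERNSEC", "GRKERNSEC_AUDIT_CHDIR")):
    """Return which of the named options are set to y in a kernel .config."""
    set_y = {l.split("=")[0] for l in config_text.splitlines() if l.endswith("=y")}
    return [n for n in names if "CONFIG_" + n in set_y]

if __name__ == "__main__":
    print("enabled:", enabled_options(SAMPLE_CONFIG))
    for (directory, exe, parent), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:6d}  chdir to {directory} by {exe} (parent {parent})")
```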