[grsec] Slew of chdir messages - why?
Brad Spengler
spender at grsecurity.net
Thu Dec 30 10:05:01 EST 2004
On Wed, Dec 29, 2004 at 08:59:42PM +0000, John Logsdon wrote:
> I am running grsec2.0.2 CVS'ed on 21st Dec at about 1400 GMT. The box is
> Fedora Core 2. I get a continuous slew of messages in /var/log/messages:
>
> Dec 29 20:48:00 unix kernel: grsec: chdir to /root by
> /usr/sbin/crond[crond:19046] uid/euid:0/0 gid/egid:0/0, parent
> /usr/sbin/crond[crond:3401] uid/euid:0/0 gid/egid:0/0
>
> There have been about 18000 such messages since Sunday at 4pm, all to do
> with chdir. grsec has been disabled and has never been enabled in this
> kernel. The only thing that has been done is to re-process some older
> learning logs.
Your config says grsec is enabled, as well as GRKERNSEC_AUDIT_CHDIR,
which is the feature generating these logs.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20041230/84432ec7/attachment.pgp
More information about the grsecurity
mailing list