-1

auditd -n keeps writing and using resources for the stuff below. What is it, and is it necessary for this script to be constantly writing stuff?

I am running Cenots 7 and Plex Onyx...if it is not needed I would really like to uninstall it.

type=NETFILTER_CFG msg=audit(1487879713.783:1316): table=filter family=2 entries=52
type=SYSCALL msg=audit(1487879713.783:1316): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=0 a2=40 a3=21ff8a0 items=0 ppid=18408 pid=18469 auid=10000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4 comm="ip$
type=NETFILTER_CFG msg=audit(1487879713.790:1317): table=filter family=10 entries=52
type=SYSCALL msg=audit(1487879713.790:1317): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=29 a2=40 a3=190ce50 items=0 ppid=18408 pid=18470 auid=10000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4 comm="i$
type=NETFILTER_CFG msg=audit(1487879713.795:1318): table=filter family=2 entries=66
type=SYSCALL msg=audit(1487879713.795:1318): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=a75050 items=0 ppid=18408 pid=18471 auid=10000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4 comm="ipt$
type=NETFILTER_CFG msg=audit(1487879713.802:1319): table=filter family=2 entries=67
type=SYSCALL msg=audit(1487879713.802:1319): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=b74500 items=0 ppid=18408 pid=18472 auid=10000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4 comm="ipt$
type=NETFILTER_CFG msg=audit(1487879713.810:1320): table=filter family=2 entries=68
type=SYSCALL msg=audit(1487879713.810:1320): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=18db680 items=0 ppid=18408 pid=18473 auid=10000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4 comm="ip$
type=NETFILTER_CFG msg=audit(1487879713.817:1321): table=filter family=10 entries=66
Nikk
  • 239
  • 1
  • 4
  • 10
  • 1
    You cut off the interesting parts of each line. Remember that you should not use the `nano` editor. – Michael Hampton Feb 25 '17 at 19:00
  • "auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. " - per `man auditd`. You might want to read up a bit on auditd, but if this is causing major issues, `sudo systemctl disable audit && sudo systemctl stop audit` should help – iwaseatenbyagrue Mar 10 '17 at 16:54

1 Answers1

1

What is it

The auditd program is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk.

it necessary for this script to be constantly writing stuff

That's the way it has been configured.

..if it is not needed I would really like to uninstall it

I use it YMMV.

It would probably be a good idea if you read up on the Linux Audit system and made your own decisions about whether you need it or not.

user9517
  • 115,471
  • 20
  • 215
  • 297