audit messages flooding dmesg output
I am running Fedora 23 x64 Workstation edition on my ASUS TP300LA notebook. Seeing lots of audit messages on the dmesg output (see below).
To my inexperienced eyes, it looks like what I am seeing here is similar to the bug reported (Bug 1227379 - Audit events on /var/log/messages) reported on Fedora 22. Is that correct?
[11447.564304] audit: type=1130 audit(1462055704.308:634): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[11447.564324] audit: type=1131 audit(1462055704.308:635): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[12569.938586] audit: type=1105 audit(1462056826.601:636): pid=29271 uid=1000 auid=1000 ses=1 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/pkexec" hostname=? addr=? terminal=? res=success'
[12633.315688] audit: type=1105 audit(1462056889.974:637): pid=29602 uid=1000 auid=1000 ses=1 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/pkexec" hostname=? addr=? terminal=? res=success'
[12943.594406] audit: type=1325 audit(1462057200.232:639): table=filter family=2 entries=0
[12943.594850] audit: type=1325 audit(1462057200.232:640): table=nat family=2 entries=0
[12943.594870] audit: type=1325 audit(1462057200.232:641): table=mangle family=2 entries=0
[12943.594882] audit: type=1325 audit(1462057200.232:642): table=raw family=2 entries=0
[12943.594896] audit: type=1325 audit(1462057200.232:643): table=security family=2 entries=0
[12943.594916] audit: type=1325 audit(1462057200.232:644): table=filter family=10 entries=0
[12943.594938] audit: type=1325 audit(1462057200.232:645): table=nat family=10 entries=0
[12943.594955] audit: type=1325 audit(1462057200.232:646): table=mangle family=10 entries=0
[12943.594965] audit: type=1325 audit(1462057200.232:647): table=raw family=10 entries=0
I tried the second option suggested in Comment 65
If you want to keep auditing enabled, but disable its logging by journald, you can use
systemctl mask systemd-journald-audit.socket
and restart journald.
but there was no effect on my system. I am still seeing these audit messages.
I don't have an /etc/rsyslog.conf file on my system.
How do I get to stop these audit messages flooding my system? Please can someone guide me through this?