Thanks for the question. Unlike a vanilla kernel, which will leave you guessing, the ASL kernel will report when an OS defined system has been exceeded. A vanilla kernel wouldn't tell you this was happening (it would still happen, you would just have a much harder time figuring out that you hit that limit; why vanilla kernels don't tell you this is a mystery to me).
Anyway, neither the ASL nor a vanilla kernel sets these limits, nor do they enforce them. The ASL kernel is just doing you a favor and telling you that you have something exceeding that limit. RLIMIT_NOFILE, if memory serves, default is 1024 so just raise that.
With that said, check to make sure all your ASL components and the kernel are up to date. That's limiting the files that syscheckd can open, which normally wouldn't be that high. So that can either be a bug that was fixed some time ago, or syscheckd is checking a LOT of files on your system and the OS is constraining it, which may be a good thing - it could be misconfigured and doing more work than it needs to.
So first, check to make sure everything is patched and up to date on the box. What's the output of:
yum upgrade
(Don't hit y, just want to know what might be missing from the box)
What version of asl is installed?
asl -v
And what kernel?
uname -a
If it's all up to date, then that sounds like there may be a configuration issue on your machine where syscheckd is doing too much work. We can tackle that next once we ensure everything is up to date.
_________________ Michael Shinn Atomicorp - Security For Everyone
Co-Author of Troubleshooting Linux Firewalls.
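One way to see how close a daemon such as syscheckd is to the RLIMIT_NOFILE limit discussed in the post above, as an added example that is not part of the original post or of ASL: it reads the soft limit from /proc/<pid>/limits and counts the entries in /proc/<pid>/fd. The function names, the 80% warning threshold and the sample limits text are assumptions made for illustration; the process name is passed as an argument.

```shell
#!/bin/sh
# Added example: compare a process's open descriptors with its RLIMIT_NOFILE.

# Constructed sample of /proc/<pid>/limits content (not taken from a real host).
sample_limits() {
cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             15000                15000                processes
Max open files            1024                 4096                 files
EOF
}

# nofile_limit soft|hard: read /proc/<pid>/limits text on stdin, print the limit.
nofile_limit() {
    awk -v which="$1" '/^Max open files/ { v = (which == "hard") ? $5 : $4; print v }'
}

# count_fds DIR: number of entries in a /proc/<pid>/fd-style directory.
count_fds() {
    ls -A "$1" 2>/dev/null | wc -l | tr -d ' '
}

# fd_status USED SOFT: classify usage against the soft limit.
# The 80% "near-limit" threshold is an assumption, not a kernel value.
fd_status() {
    _u=$1; _s=$2
    if [ "$_s" = "unlimited" ]; then echo ok; return 0; fi
    if [ "$_u" -ge "$_s" ]; then echo exceeded
    elif [ $((_u * 100 / _s)) -ge 80 ]; then echo near-limit
    else echo ok
    fi
}

# report_proc NAME: live check of every process matching NAME.
# Reading another user's /proc/<pid>/fd needs root.
report_proc() {
    for pid in $(pgrep "$1"); do
        soft=$(nofile_limit soft < "/proc/$pid/limits")
        used=$(count_fds "/proc/$pid/fd")
        echo "$1 pid=$pid open_fds=$used soft_limit=$soft status=$(fd_status "$used" "$soft")"
    done
}

# Run against a live process when a name is given, e.g.: sh fdcheck.sh syscheckd
if [ "$#" -gt 0 ]; then report_proc "$1"; fi
```

A status of near-limit or exceeded with a very high descriptor count points to the daemon watching more files than intended, which is the configuration question the post raises.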