Is there any way to make SPADE(with Audit) run on an aarch64 architecture system? #134
Comments
|
The information about the error comes from the log of SPADE. |
|
The Audit Reporter infers provenance from the Linux kernel's Audit log. It appears that support for the aarch64 architecture is not being added: linux-audit/audit-userspace#73 (comment) |
Thanks for your reply very much, I will try to find another tools to collect datas. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I need to collect data through Linux Audit on Nvidia's development board, but failed to add Audit to Reporter, and the following error occurs.
spade.reporter.Audit _launch Serious: Failed to setup Linux audit rules
java.lang.Exception: Failed to set audit rules
at spade.reporter.audit.AuditControlManager.set(AuditControlManager.java:296)
at spade.reporter.Audit._launch(Audit.java:506)
at spade.reporter.Audit.launch(Audit.java:278)
at spade.core.Kernel.addReporterCommand(Kernel.java:948)
at spade.core.Kernel.addCommand(Kernel.java:1111)
at spade.core.Kernel.executeCommand(Kernel.java:621)
at spade.core.Kernel$LocalControlConnection.run(Kernel.java:1978)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.Exception: Failed to add audit rule
at spade.reporter.audit.AuditControlManager.appendRule(AuditControlManager.java:235)
at spade.reporter.audit.AuditControlManager.set(AuditControlManager.java:284)
... 7 more
Caused by: java.lang.Exception: Failed to execute auditctl command: 'auditctl -a exit,always -F arch=b64 -F uid!=1000 -S bind -S accept -S accept4 -S socket -S mmap -S mprotect -S madvise -S unlink -S unlinkat -S link -S linkat -S symlink -S symlinkat -S clone -S fork -S vfork -S execve -S open -S openat -S creat -S close -S mknod -S mknodat -S dup -S dup2 -S dup3 -S fcntl -S rename -S renameat -S setuid -S setreuid -S setresuid -S setgid -S setregid -S setresgid -S chmod -S fchmod -S fchmodat -S truncate -S ftruncate -S pipe -S pipe2 -S tee -S splice -S vmsplice -S socketpair -S init_module -S finit_module -S ptrace -S chdir -S fchdir -S chroot -S pivot_root -F success=1 -F pid!=44 -F pid!=21682 -F pid!=22241 -F pid!=22057 -F pid!=22059 -F ppid!=44 -F ppid!=21682 -F ppid!=22241 -F ppid!=22057 -F ppid!=22059'
at spade.reporter.audit.AuditControlManager.executeAuditctl(AuditControlManager.java:203)
at spade.reporter.audit.AuditControlManager.appendRule(AuditControlManager.java:233)
... 8 more
Caused by: java.lang.Exception: Error: [Syscall name unknown: unlink]
at spade.reporter.audit.AuditControlManager.executeAuditctl(AuditControlManager.java:199)
... 9 more
After I browsed other questions and their answers, I found that the author explained that SPADE (with Audit) only supports x86_64 architecture systems, but the architecture used by the Nvidia development board is aarch64. Is there any way to make SPADE run on the aarch64 system?
The text was updated successfully, but these errors were encountered: