How to remove auditlog from Ubuntu?
On my Ubuntu 18.04 server there is a command running, auditlog, which consumes ~100% of my CPU. If I find the PID and kill the process, it works fine for a day or so, and then it runs again and consumes my CPU.
I once installed a mail server on my machine and later removed it. I guess this could be the reason for auditlog, but I could not trace it.
Please help me to remove this service.
root 11710 87.7 0.2 715092 4684 ? Ssl Apr14 1709:42 auditlog
ubuntu 12059 0.0 0.0 14428 1004 pts/0 S+ 10:47 0:00 grep --color=auto auditlog
Output of command: cat /proc/9499/cmdline is auditlog
and ls -lF /proc/9499/fd/ output:
lr-x------ 1 root root 64 Apr 20 11:29 0 -> /dev/null
l-wx------ 1 root root 64 Apr 20 11:29 1 -> 'pipe:[7363932]'
lrwx------ 1 root root 64 Apr 20 11:29 10 -> 'anon_inode:[eventfd]'
lr-x------ 1 root root 64 Apr 20 11:29 11 -> /dev/null
lrwx------ 1 root root 64 Apr 20 11:29 12 -> 'socket:[7417752]'
l-wx------ 1 root root 64 Apr 20 11:29 2 -> 'pipe:[7363933]'
lrwx------ 1 root root 64 Apr 20 11:29 3 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Apr 20 11:29 4 -> 'pipe:[7363997]'
l-wx------ 1 root root 64 Apr 20 11:29 5 -> 'pipe:[7363997]'
lr-x------ 1 root root 64 Apr 20 11:29 6 -> 'pipe:[7363996]'
l-wx------ 1 root root 64 Apr 20 11:29 7 -> 'pipe:[7363996]'
lrwx------ 1 root root 64 Apr 20 11:29 8 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Apr 20 11:29 9 -> 'anon_inode:[eventfd]'
and nothing found with the command grep -s -i auditlog /etc/cron* /etc/cron/
1 Reply
According to this:
You can remove the Ubuntu security auditing system with the command
sudo apt remove auditd
I am not, however, going to give any kind of assurance that your system will work correctly after you do this. Choose wisely.
-- sw
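The question checks cmdline, the open file descriptors and cron. The script below is an added example, not part of the original thread: it extends those checks to the executable path, the parent, the owning systemd unit, package ownership and the usual restart locations. The function names and the PROC override are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: trace a respawning process beyond its self-reported name.
# PROC may point at a saved copy of /proc for offline analysis (assumption).
PROC=${PROC:-/proc}

# One field from /proc/PID/status, e.g. PPid or Uid.
status_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "$PROC/$1/status"
}

# cmdline and comm are strings the process can set freely; exe is the
# kernel's link to the binary. "(deleted)" means the file was unlinked.
exe_path() {
    readlink "$PROC/$1/exe" 2>/dev/null || echo "unreadable"
}

# systemd unit or session scope owning the process, read from cgroup lines
# on stdin. A unit with Restart= set would explain a respawn after kill.
cgroup_unit() {
    grep -oE '[^/]+\.(service|scope)$' | head -n 1
}

# Files that mention NAME in the usual restart locations (or in the
# directories passed as extra arguments).
find_persistence() {
    name=$1; shift
    [ "$#" -gt 0 ] || set -- /etc/systemd/system /lib/systemd/system \
        /etc/cron.d /etc/cron.daily /etc/cron.hourly /etc/crontab \
        /var/spool/cron/crontabs /etc/rc.local /etc/init.d
    grep -rlsF -- "$name" "$@" || true
}

triage() {
    pid=$1
    exe=$(exe_path "$pid")
    echo "exe:    $exe"
    echo "parent: $(status_field "$pid" PPid)"
    echo "unit:   $(cgroup_unit < "$PROC/$pid/cgroup")"
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -S "${exe% (deleted)}" 2>/dev/null ||
            echo "owner:  no installed package ships this path"
    fi
    echo "references:"
    find_persistence "$(cat "$PROC/$pid/comm")"
}

# Run as root: ./triage.sh PID
if [ "$#" -gt 0 ]; then triage "$1"; fi
```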