Bug 1250039

Summary: The chapter on system auditing needs to be updated to RHEL7
Product: Red Hat Enterprise Linux 7 Reporter: mertensb
Component: doc-Security_GuideAssignee: Mirek Jahoda <mjahoda>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: unspecified Docs Contact:
Priority: high    
Version: 7.1CC: rkratky, sgrubb
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-28 14:16:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description mertensb 2015-08-04 12:02:54 UTC 
Document URL: 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/chap-system_auditing.html

Section Number and Name: 
Chapter 5. System Auditing and underlying sections
like 5.2. Installing the audit Packages

Describe the issue: 
This chapter has not been updated for RHEL7.
examples:
section 5.2 says "The audit packages (audit and audit-libs) are installed by default on Red Hat Enterprise Linux 6."
and section 5.4. Starting the audit Service refers to the commands service and chkconfig instead of systemctl.

Suggestions for improvement: 
Update the section for RHEL7, remove references to RHEL6 and update the commands and possibly other items to reflect the status of RHEL7.

Additional information:
Comment 3 Steve Grubb 2016-06-10 12:55:08 UTC 
The service command is the correct way to start and stop the audit daemon on RHEL 7. It has requirements that systemd commands cannot meet.

There is a big audit package rebase landing in 7.3. It would be best to wait until that lands to finish up the docs. It will be the 2.5.3 package if that is any help. It will have new configuration options and capabilities that need documenting.
Comment 4 Mirek Jahoda 2016-06-13 12:26:49 UTC 
(In reply to mertensb from comment #0)
> Document URL: 
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/
> html/Security_Guide/chap-system_auditing.html
> 
> Section Number and Name: 
> Chapter 5. System Auditing and underlying sections
> like 5.2. Installing the audit Packages
> 
> Describe the issue: 
> This chapter has not been updated for RHEL7.
> examples:
> section 5.2 says "The audit packages (audit and audit-libs) are installed by
> default on Red Hat Enterprise Linux 6."
> and section 5.4. Starting the audit Service refers to the commands service
> and chkconfig instead of systemctl.
> 
> Suggestions for improvement: 
> Update the section for RHEL7, remove references to RHEL6 and update the
> commands and possibly other items to reflect the status of RHEL7.
> 
> Additional information:

Hello,

I have updated the section and removed the mentioned obvious relics. We will make a bigger and complete update of the audit chapter as soon as the big package rebase of audit will be available in RHEL (7.3).

Thank you for your report.
Comment 10 Mirek Jahoda 2016-06-28 14:16:55 UTC 
The fix was published on the Customer Portal:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/chap-system_auditing.html