Bug 1349366

Summary: auditd.service should not be inactive as default in rhevh-ng 4.0
Product: [oVirt] ovirt-node Reporter: Ying Cui <ycui>
Component: Installation & UpdateAssignee: Ryan Barry <rbarry>
Status: CLOSED CURRENTRELEASE QA Contact: Ying Cui <ycui>
Severity: medium Docs Contact:
Priority: high    
Version: 4.0CC: bugs, cshao, dfediuck, rbarry, weiwang
Target Milestone: ovirt-4.0.1Flags: dfediuck: ovirt-4.0.z+
rule-engine: planning_ack+
fdeutsch: devel_ack+
ycui: testing_ack+
Target Release: 4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: redhat-release-virtualization-host-4.0-0.16.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-04 13:31:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ying Cui 2016-06-23 10:34:06 UTC 
Description of problem:
The auditd.service is an important service, it will track security relevant information. But in rhevh-ng 4.0, the default is inactive, and no /var/audit/audit.log generated.

So it should be active as default after rhevh-ng installation.

Version-Release number of selected component (if applicable):
rhev-hypervisor7-ng-4.0-20160622.1
imgbased-0.7.0-0.1.el7ev.noarch


How reproducible:
100%

Steps to Reproduce:
1. Interactive installed rhevh-ng 4.0 build.
2. After reboot, login the OS.
3. Check the auditd.service status

# systemctl status auditd.service
# systemctl is-enabled auditd
disabled


Actual results:
The auditd.service is inactive as default.

Expected results:
The auditd.service is active as default.

Additional info:
Tested on released RHEL 7.2, the auditd.service is active as default.
Comment 1 Ying Cui 2016-06-23 10:42:51 UTC 
I used the default ks file in ISO RHEV-H-7.2-20160622.1-RHVH-x86_64-dvd1.iso.
Comment 2 Ying Cui 2016-08-01 09:15:51 UTC 
VERIFIED on redhat-release-virtualization-host-4.0-0.20.el7.x86_64, imgbased-0.7.2-0.1.el7ev

# rpm -qa redhat-release-virtualization-host imgbased
imgbased-0.7.2-0.1.el7ev.noarch
redhat-release-virtualization-host-4.0-0.20.el7.x86_64

# systemctl status auditd.service
● auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2016-08-01 09:11:13 CST; 1min 33s ago
  Process: 962 ExecStartPost=/sbin/augenrules --load (code=exited, status=0/SUCCESS)
 Main PID: 961 (auditd)
   CGroup: /system.slice/auditd.service
           └─961 /sbin/auditd -n

Aug 01 09:11:13 dhcp-8-127.nay.redhat.com auditd[961]: Init complete, auditd ...
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: No rules
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: enabled 1
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: flag 1
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: pid 961
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: rate_limit 0
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: backlog_limit 320
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: lost 0
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: backlog 1
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com systemd[1]: Started Security Auditi...
Hint: Some lines were ellipsized, use -l to show in full.
# systemctl is-enabled auditd
enabled

After the RHVH installation, the auditd.service is active as default.