Bug 1601296

Summary: auditd service does not start on new installation with DISA STIG security profile
Product: Red Hat Enterprise Linux 7 Reporter: kimball58 <isleno>
Component: scap-security-guideAssignee: Watson Yuuma Sato <wsato>
Status: CLOSED ERRATA QA Contact: Matus Marhefka <mmarhefk>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.5CC: jcerny, mhaicman, mpreisle, openscap-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: scap-security-guide-0.1.39-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 11:46:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description kimball58 2018-07-16 01:10:15 UTC 
Description of problem: Fresh installation with DISA STIG security profile includes a misconfigured /etc/audit/auditd.conf file which does not allow the auditd service to start. Refer to https://github.com/OpenSCAP/scap-security-guide/issues/2553 and note the "Actual Results" and "Expected Results" sections.

Version-Release number of selected component (if applicable): unknown

How reproducible: 100%

Steps to Reproduce:
(1) Install from installation media
-minimal load
-set network and hostname
-default partitioning
-DISA STIG security profile
(2) Set root password and create administrative user during installation (STIG profile will not allow root login at console)
(3) Reboot after installation
(4) Log in as administrative user, execute sudo -s
(5) Run "systemctl status auditd" and review output
(6) Review contents of /etc/audit/auditd.conf

Actual results:
auditd service fails to start with errors

Expected results:
auditd service starts

Additional info:
Manually editing auditd.conf in accordance with the "Expected Results" section of the OpenSCAP bug report allows the auditd service to start normally.
Comment 2 Jan Černý 2018-07-16 06:56:19 UTC 
This issue has been fixed upstream in https://github.com/OpenSCAP/scap-security-guide/pull/2554
Switching the BZ to a correct component.
Comment 7 errata-xmlrpc 2018-10-30 11:46:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3308