Bug 165777

Summary: Error in /etc/audit.rules line 5 reported at boot time
Product: [Fedora] Fedora Reporter: J. Erik Hemdal <erik.hemdal>
Component: auditAssignee: Steve Grubb <sgrubb>
Status: CLOSED CURRENTRELEASE QA Contact: Brian Brock <bbrock>
Severity: low Docs Contact:
Priority: medium    
Version: 4   
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: 1.0.2-3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-08-16 11:09:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description J. Erik Hemdal 2005-08-11 23:57:17 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
I receive the messages

Error sending rule list request (Invalid argument)
Error in line 5 of /etc/audit.rules

at boot time when starting auditd.

Stock FC4 installation with all updates applied on Dell Inspiron 1100 laptop.
I've made no changes to any of the files since installation of FC4.  SELinux is set to "Warn".

Version data:

audit-libs-0.9.19-2.FC4
audit-0.9.19-2.FC4

Contents of /etc/audit.rules:
=============================
# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.

# First rule - delete all
-D

# Feel free to add below this line. See auditctl man page

# Increase the buffers to survive stress events
-b 256


Version-Release number of selected component (if applicable):
audit-0.9.19-2.FC4

How reproducible:
Always

Steps to Reproduce:
1.Boot the computer and watch messages after auditd starts.
2.
3.
  

Actual Results:  Message appears.

Expected Results:  No messages.

Additional info:

This appears to be a minor issue, but it suggests a low-quality release if the system delivers errors after an out-of-the-box installation.  I have had no ill effects.
Comment 1 Steve Grubb 2005-08-12 11:12:04 UTC 
This only occurs when you have SE Linux disabled. Have you tried updating to
1.0.2-3? Just released yesterday.
Comment 2 Dusko Dobranic 2005-08-16 10:42:51 UTC 
kernel 2.6.12-1.1398_FC4
audit-libs-1.0.2-3.FC4
audit-1.0.2-3.FC4

When I execute auditctl -D I get:

No rules
File system watches not supported
Comment 3 Steve Grubb 2005-08-16 11:09:42 UTC 
Thanks. Closing based on positive feedback.
Comment 4 J. Erik Hemdal 2005-08-16 13:07:05 UTC 
I haven't seen the new audit via yum yet.  When I get it I will try this.
Comment 5 Steve Grubb 2005-08-16 13:29:07 UTC 
It's been available for 4 days. Mirrors should have sync'ed by now.

http://mirrors.kernel.org/fedora/core/updates/4/

Hope this helps.
Comment 6 J. Erik Hemdal 2005-08-17 00:17:03 UTC 
Fixed by applying audit-1.0.2-3-FC4.