Bug 1026815 - Stateless: /etc/rwtab does not contains /var/log/audit/audit.log
Stateless: /etc/rwtab does not contains /var/log/audit/audit.log
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: initscripts (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: initscripts Maintenance Team
Branislav Blaškovič
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-05 08:40 EST by Branislav Blaškovič
Modified: 2016-11-25 07:57 EST (History)
1 user (show)

See Also:
Fixed In Version: initscripts-9.49.7-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-13 07:53:00 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Branislav Blaškovič 2013-11-05 08:40:26 EST
Description of problem:
/etc/rwtab does not contains /var/log/audit/audit.log

Version-Release number of selected component (if applicable):
initscripts-9.49.6-1.el7.x86_64

Additional information:
auditd service is not running by default.

# systemctl status auditd
auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled)
   Active: failed (Result: exit-code) since Tue 2013-11-05 14:38:19 CET; 1min 39s ago
  Process: 608 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, status=0/SUCCESS)
  Process: 607 ExecStart=/sbin/auditd -n (code=exited, status=6)
 Main PID: 607 (code=exited, status=6)

Nov 05 14:38:19 rhel7.virtual auditd[607]: Could not open dir /var/log/audit (Permission denied)
Nov 05 14:38:19 rhel7.virtual auditd[607]: The audit daemon is exiting.
Nov 05 14:38:19 rhel7.virtual systemd[1]: auditd.service: main process exited, code=exited, status=6/NOTCONFIGURED
Nov 05 14:38:19 rhel7.virtual auditctl[608]: No rules
Nov 05 14:38:19 rhel7.virtual auditctl[608]: AUDIT_STATUS: enabled=0 flag=1 pid=0 rate_limit=0 backlog_limit=320 lost=0 backlog=0
Nov 05 14:38:19 rhel7.virtual systemd[1]: Failed to start Security Auditing Service.
Nov 05 14:38:19 rhel7.virtual systemd[1]: Unit auditd.service entered failed state.
Comment 3 Branislav Blaškovič 2014-02-03 06:17:01 EST
initscripts-9.49.12-2.el7

:: [ 05:22:12 ] :: [ INFO    ] :: rlRun: command = 'cat /etc/rwtab'; exitcode = 0; expected = 0
:: [   PASS   ] :: Running 'cat /etc/rwtab' (Expected 0, got 0)
:: [   PASS   ] :: File '/var/tmp/tmp.niwyvybjrt' should contain '/var/log/audit/audit.log' 

VERIFIED
Comment 4 Ludek Smid 2014-06-13 07:53:00 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.