Description of problem:
/etc/rwtab does not contain /var/log/audit/audit.log

Version-Release number of selected component (if applicable):
initscripts-9.49.6-1.el7.x86_64

Additional information:
auditd service is not running by default.

# systemctl status auditd
auditd.service - Security Auditing Service
Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled)
Active: failed (Result: exit-code) since Tue 2013-11-05 14:38:19 CET; 1min 39s ago
Process: 608 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, status=0/SUCCESS)
Process: 607 ExecStart=/sbin/auditd -n (code=exited, status=6)
Main PID: 607 (code=exited, status=6)

Nov 05 14:38:19 rhel7.virtual auditd[607]: Could not open dir /var/log/audit (Permission denied)
Nov 05 14:38:19 rhel7.virtual auditd[607]: The audit daemon is exiting.
Nov 05 14:38:19 rhel7.virtual systemd[1]: auditd.service: main process exited, code=exited, status=6/NOTCONFIGURED
Nov 05 14:38:19 rhel7.virtual auditctl[608]: No rules
Nov 05 14:38:19 rhel7.virtual auditctl[608]: AUDIT_STATUS: enabled=0 flag=1 pid=0 rate_limit=0 backlog_limit=320 lost=0 backlog=0
Nov 05 14:38:19 rhel7.virtual systemd[1]: Failed to start Security Auditing Service.
Nov 05 14:38:19 rhel7.virtual systemd[1]: Unit auditd.service entered failed state.

initscripts-9.49.12-2.el7

:: [ 05:22:12 ] :: [ INFO ] :: rlRun: command = 'cat /etc/rwtab'; exitcode = 0; expected = 0
:: [ PASS ] :: Running 'cat /etc/rwtab' (Expected 0, got 0)
:: [ PASS ] :: File '/var/tmp/tmp.niwyvybjrt' should contain '/var/log/audit/audit.log'

VERIFIED

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.