See the summary. As the network script does it, so should any initscript that relies on sysctl.conf settings. Patch attached below.
Created attachment 104499 [details] audit.initscript.patch Patch from Jose Plans <jmp>
Or edit /etc/modules.conf to add post-install audit sysctl -e -p /etc/sysctl.conf There is documentation to this effect in the HP EAL3 Certification Guide that will be bundled in U4. I'll look at having the U4 laus %post deal with this.
I have the same issue in sysctl.conf - I have updated it with new parameters and after reboot some changes take and some changes don't take. I then thought it may be a syntax issue, but when i do a sysctl -w and then cut-and-paste the line from my sysctl.conf file - it takes perfectly. So - will the line above added to my modules.conf file re-read the sysctl.conf file? Thanks
The line above should read your sysctl.conf.
Created attachment 107828 [details] sysctl.conf
OK Charlie - I tried both things mentioned here. Maybe there is a symtax error in my sysctl.conf file - I will attach the sysctl.conf file for you to look at. Thanks for the help.
Hi Dan - I don't see any audit entries in your sysctl.conf. mine look like this: # audit subsystem defaults dev.audit.max-messages = 1024 dev.audit.paranoia = 0 dev.audit.attach-all = 0 dev.audit.allow-suspend = 1 dev.audit.debug = 0
Thanks Charlie - Are those normal entries to have in the sysctl.conf ? I am a bit new to this so please excuse my ignorance. So - If I put those entries in - will it then read the entry in my modules.conf. I am confused I guess. Like I said - some of the entries get applied, but not all of them. Do I have them in the wrong order ? Thanks again for your help.
Are you asking specifically in the context of the laus auditing driver?
I don't even know what the laus auditing driver is. I hope I am not starting to look like a fool. I just want the sysctl.conf entries to be read properly - just like when I run sysctl -w and they all take just fine. In fact - the "patch" that Bastien gave is odd because I don't have an init script called audit.
Ayuh. This is a bug against the laus package. It provides system call auditing - part of getting RHEL3 it's EAL3 security certification. That being said, let me grab my "generalist" hat. In which instances are you not seeing your sysctl parameters re-read?
After re-boot I cat the /proc entries and see that some of the entries are not taking. The VM and NET entries to be specific. Just wondering if I may have a syntax error. I heard a rumor that this is a known problem and will be fixed in U4. That is sue out this month correct ?
This bug is now fixed in laus-0.1-68RHEL3 . By default, there are NO dev.audit entries in /etc/sysctl.conf . With laus-0.1-68RHEL3, there are now two mechanisms whereby audit sysctl settings can be set when the module is loaded: 1. Create a file with only dev.audit settings, and set the variable 'AUDITSYSCTL=<filename>' in /etc/sysconfig/audit Then the audit initscript will load only these sysctl settings after it loads the module. OR: 2. Put 'dev.audit' settings in /etc/sysctl.conf - these will be loaded after the audit initscript loads the module.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2005-219.html