Bug 1349366 - auditd.service should not be inactive as default in rhevh-ng 4.0
Summary: auditd.service should not be inactive as default in rhevh-ng 4.0
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-node
Classification: oVirt
Component: Installation & Update
Version: 4.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ovirt-4.0.1
: 4.0
Assignee: Ryan Barry
QA Contact: Ying Cui
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-23 10:34 UTC by Ying Cui
Modified: 2016-08-04 13:31 UTC (History)
5 users (show)

Fixed In Version: redhat-release-virtualization-host-4.0-0.16.el7
Clone Of:
Environment:
Last Closed: 2016-08-04 13:31:31 UTC
oVirt Team: Node
Embargoed:
dfediuck: ovirt-4.0.z+
rule-engine: planning_ack+
fdeutsch: devel_ack+
ycui: testing_ack+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 60535 0 None None None 2016-07-11 17:16:16 UTC
oVirt gerrit 60536 0 None None None 2016-07-11 17:15:59 UTC

Description Ying Cui 2016-06-23 10:34:06 UTC 
Description of problem:
The auditd.service is an important service, it will track security relevant information. But in rhevh-ng 4.0, the default is inactive, and no /var/audit/audit.log generated.

So it should be active as default after rhevh-ng installation.

Version-Release number of selected component (if applicable):
rhev-hypervisor7-ng-4.0-20160622.1
imgbased-0.7.0-0.1.el7ev.noarch


How reproducible:
100%

Steps to Reproduce:
1. Interactive installed rhevh-ng 4.0 build.
2. After reboot, login the OS.
3. Check the auditd.service status

# systemctl status auditd.service
# systemctl is-enabled auditd
disabled


Actual results:
The auditd.service is inactive as default.

Expected results:
The auditd.service is active as default.

Additional info:
Tested on released RHEL 7.2, the auditd.service is active as default.
Comment 1 Ying Cui 2016-06-23 10:42:51 UTC 
I used the default ks file in ISO RHEV-H-7.2-20160622.1-RHVH-x86_64-dvd1.iso.
Comment 2 Ying Cui 2016-08-01 09:15:51 UTC 
VERIFIED on redhat-release-virtualization-host-4.0-0.20.el7.x86_64, imgbased-0.7.2-0.1.el7ev

# rpm -qa redhat-release-virtualization-host imgbased
imgbased-0.7.2-0.1.el7ev.noarch
redhat-release-virtualization-host-4.0-0.20.el7.x86_64

# systemctl status auditd.service
● auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2016-08-01 09:11:13 CST; 1min 33s ago
  Process: 962 ExecStartPost=/sbin/augenrules --load (code=exited, status=0/SUCCESS)
 Main PID: 961 (auditd)
   CGroup: /system.slice/auditd.service
           └─961 /sbin/auditd -n

Aug 01 09:11:13 dhcp-8-127.nay.redhat.com auditd[961]: Init complete, auditd ...
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: No rules
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: enabled 1
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: flag 1
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: pid 961
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: rate_limit 0
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: backlog_limit 320
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: lost 0
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: backlog 1
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com systemd[1]: Started Security Auditi...
Hint: Some lines were ellipsized, use -l to show in full.
# systemctl is-enabled auditd
enabled

After the RHVH installation, the auditd.service is active as default.
Note You need to log in before you can comment on or make changes to this bug.