Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1349366

Summary:	auditd.service should not be inactive as default in rhevh-ng 4.0
Product:	[oVirt] ovirt-node	Reporter:	Ying Cui <ycui>
Component:	Installation & Update	Assignee:	Ryan Barry <rbarry>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Ying Cui <ycui>
Severity:	medium	Docs Contact:
Priority:	high
Version:	4.0	CC:	bugs, cshao, dfediuck, rbarry, weiwang
Target Milestone:	ovirt-4.0.1	Flags:	dfediuck: ovirt-4.0.z+ rule-engine: planning_ack+ fdeutsch: devel_ack+ ycui: testing_ack+
Target Release:	4.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	redhat-release-virtualization-host-4.0-0.16.el7	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-08-04 13:31:31 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	Node	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Ying Cui 2016-06-23 10:34:06 UTC

Description of problem:
The auditd.service is an important service, it will track security relevant information. But in rhevh-ng 4.0, the default is inactive, and no /var/audit/audit.log generated.

So it should be active as default after rhevh-ng installation.

Version-Release number of selected component (if applicable):
rhev-hypervisor7-ng-4.0-20160622.1
imgbased-0.7.0-0.1.el7ev.noarch


How reproducible:
100%

Steps to Reproduce:
1. Interactive installed rhevh-ng 4.0 build.
2. After reboot, login the OS.
3. Check the auditd.service status

# systemctl status auditd.service
# systemctl is-enabled auditd
disabled


Actual results:
The auditd.service is inactive as default.

Expected results:
The auditd.service is active as default.

Additional info:
Tested on released RHEL 7.2, the auditd.service is active as default.

Comment 1 Ying Cui 2016-06-23 10:42:51 UTC

I used the default ks file in ISO RHEV-H-7.2-20160622.1-RHVH-x86_64-dvd1.iso.

Comment 2 Ying Cui 2016-08-01 09:15:51 UTC

VERIFIED on redhat-release-virtualization-host-4.0-0.20.el7.x86_64, imgbased-0.7.2-0.1.el7ev

# rpm -qa redhat-release-virtualization-host imgbased
imgbased-0.7.2-0.1.el7ev.noarch
redhat-release-virtualization-host-4.0-0.20.el7.x86_64

# systemctl status auditd.service
● auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2016-08-01 09:11:13 CST; 1min 33s ago
  Process: 962 ExecStartPost=/sbin/augenrules --load (code=exited, status=0/SUCCESS)
 Main PID: 961 (auditd)
   CGroup: /system.slice/auditd.service
           └─961 /sbin/auditd -n

Aug 01 09:11:13 dhcp-8-127.nay.redhat.com auditd[961]: Init complete, auditd ...
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: No rules
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: enabled 1
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: flag 1
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: pid 961
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: rate_limit 0
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: backlog_limit 320
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: lost 0
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com augenrules[962]: backlog 1
Aug 01 09:11:13 dhcp-8-127.nay.redhat.com systemd[1]: Started Security Auditi...
Hint: Some lines were ellipsized, use -l to show in full.
# systemctl is-enabled auditd
enabled

After the RHVH installation, the auditd.service is active as default.