Is it necessary to have auditing on by default, i.e. the audit service configured to run in runlevels 235? I've now suffered from three bugs as a side-effect from this and never really needed auditing anyway. Nice feature, but why not make it a "chkconfig audit on" away?
Laus is an optional package. Is it being installed in the default install? The opinion of QA was that if you're going to install an optional package you probably intend for it to run...
Is it really optional? I see laus listed as mandatory in the Base group in comps.
It shouldn't be mandatory. Laus-libs should always get picked up because PAM is mandatory but there's nothing that says you have to install the daemon...
Ever try just not starting/installing the daemon? See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131860 for more info. It is not that simple and so far other than the info in the bug it is undocumented. IMO having laus install by default is a big PITA. I suspect a lot of machines do not need it, and the ones that do are smart enough to set it up. The amount of disk space the thing uses in an out of the box configutation is just plain crazy.
I installed two machines using U3 ISOs from RHN. Somehow Laus got installed. So it seems that it got installed and turned on by default as I didn't remember specifically intending to install it (I didn't even know what it is until recently). Another machine that I installed using the original release RHEL 3 and brought it up2date to U3 doesn't have Laus in it. So it seems that only if you install using U3 ISO it got installed by default. Trying to "chkconfig audit off" and even "rpm -e Laus", I now get the problem described in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131860.
This bug is now fixed in laus-0.1-67RHEL3, which should be in RHEL-3-U5, and which meanwhile can be downloaded from: http://people.redhat.com/~jvdias/laus/ The audit service is now off by default after clean installs now that bug 130071 is fixed.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2005-219.html