Bug 177638 - auditing is enabled by default
auditing is enabled by default
Product: Fedora
Classification: Fedora
Component: audit (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Steve Grubb
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2006-01-12 11:35 EST by David Woodhouse
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-01-12 14:15:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David Woodhouse 2006-01-12 11:35:49 EST
In a fresh FC5t2 install, system call auditing got enabled by default, which is
going to massively reduce system performance. We really shouldn't do this.
Comment 1 Bill Nottingham 2006-01-12 11:38:11 EST
You mean a) the audit daemon b) the kernel config option c) something else?
Comment 2 David Woodhouse 2006-01-12 11:53:42 EST
The init script for the audit dæmon, which is installed and runs by default,
enables syscall auditing. It's like running every process on the system under
Comment 3 Bill Nottingham 2006-01-12 11:58:55 EST
Assinging to package maintainer to turn it off by default.
Comment 4 Steve Grubb 2006-01-12 12:55:39 EST
Bill, the audit package was not supposed to be selected by default. Its an
optional package that someone should pick to be installed. I think this was the
arrangement that we made for RHEL4.

Regarding the init script, I have a patch in the package to turn off audit by
default, but we are still in test mode. When we get closer to a real release,
I'll turn it off. There have been kernel bugs found recently by having it on.
Comment 5 Bill Nottingham 2006-01-12 14:15:23 EST
Moved in comps from a 'default on' package in the Core group to an optional
package in the 'System Tools' group. Note, this may not make test2.

Note You need to log in before you can comment on or make changes to this bug.