Bug 177638 - auditing is enabled by default
Summary: auditing is enabled by default
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: audit
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Steve Grubb
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-01-12 16:35 UTC by David Woodhouse
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-01-12 19:15:23 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description David Woodhouse 2006-01-12 16:35:49 UTC 
In a fresh FC5t2 install, system call auditing got enabled by default, which is
going to massively reduce system performance. We really shouldn't do this.
Comment 1 Bill Nottingham 2006-01-12 16:38:11 UTC 
You mean a) the audit daemon b) the kernel config option c) something else?
Comment 2 David Woodhouse 2006-01-12 16:53:42 UTC 
The init script for the audit dæmon, which is installed and runs by default,
enables syscall auditing. It's like running every process on the system under
ptrace.
Comment 3 Bill Nottingham 2006-01-12 16:58:55 UTC 
Assinging to package maintainer to turn it off by default.
Comment 4 Steve Grubb 2006-01-12 17:55:39 UTC 
Bill, the audit package was not supposed to be selected by default. Its an
optional package that someone should pick to be installed. I think this was the
arrangement that we made for RHEL4.

Regarding the init script, I have a patch in the package to turn off audit by
default, but we are still in test mode. When we get closer to a real release,
I'll turn it off. There have been kernel bugs found recently by having it on.
Comment 5 Bill Nottingham 2006-01-12 19:15:23 UTC 
Moved in comps from a 'default on' package in the Core group to an optional
package in the 'System Tools' group. Note, this may not make test2.
Note You need to log in before you can comment on or make changes to this bug.