Red Hat Bugzilla – Bug 177638
auditing is enabled by default
Last modified: 2007-11-30 17:11:20 EST
In a fresh FC5t2 install, system call auditing got enabled by default, which is
going to massively reduce system performance. We really shouldn't do this.
You mean a) the audit daemon b) the kernel config option c) something else?
The init script for the audit dÃ¦mon, which is installed and runs by default,
enables syscall auditing. It's like running every process on the system under
Assinging to package maintainer to turn it off by default.
Bill, the audit package was not supposed to be selected by default. Its an
optional package that someone should pick to be installed. I think this was the
arrangement that we made for RHEL4.
Regarding the init script, I have a patch in the package to turn off audit by
default, but we are still in test mode. When we get closer to a real release,
I'll turn it off. There have been kernel bugs found recently by having it on.
Moved in comps from a 'default on' package in the Core group to an optional
package in the 'System Tools' group. Note, this may not make test2.