audit-1.2.5-8 1. Set num_logs=0 in /etc/audit/auditd.conf 2. Restart auditd 3. run "killall -USR1 auditd" to attempt log rotation 4. Try to restart auditd: Sep 28 11:38:18 test auditd: /var/log/audit/audit.log permissions should be 0640 Sep 28 11:38:18 test auditd: The audit daemon is exiting. The log rotation code changes the permissions on the log file before trying to move it. It shouldn't do that as it won't rotate anything with num_logs=0
Created attachment 137532 [details] auditd.fix Patch from srinivds.com to fix the problem Will probably need indentation changes
Will review problem and fix in 1.2.9. There is probably a more general solution needed since it should never enter the rotate code if num_logs == 0.
audit-1.2.8-2 was built to solve this problem. Thanks for reporting it.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion.
Thank you for the detailed test case. Marking as VERIFIED
audit-1.3.1-1.el5 included in 20061218.1 trees.