1. Set num_logs=0 in /etc/audit/auditd.conf
2. Restart auditd
3. run "killall -USR1 auditd" to attempt log rotation
4. Try to restart auditd:
Sep 28 11:38:18 test auditd: /var/log/audit/audit.log permissions should be 0640
Sep 28 11:38:18 test auditd: The audit daemon is exiting.
The log rotation code changes the permissions on the log file before trying to
move it. It shouldn't do that as it won't rotate anything with num_logs=0
Created attachment 137532 [details]
Patch from firstname.lastname@example.org to fix the problem
Will probably need indentation changes
Will review problem and fix in 1.2.9. There is probably a more general solution
needed since it should never enter the rotate code if num_logs == 0.
audit-1.2.8-2 was built to solve this problem. Thanks for reporting it.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release. Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release. This request is not yet committed for
Thank you for the detailed test case. Marking as VERIFIED
audit-1.3.1-1.el5 included in 20061218.1 trees.