Red Hat Bugzilla – Bug 427062
audit-1.6.4-1.fc9 won't start: wants /var/log/audit/audit.log to be 640
Last modified: 2007-12-31 09:29:53 EST
Description of problem:
Booting today with audit-1.6.4-1.fc9, auditd failed to start up:
Dec 30 11:05:34 localhost auditd: /var/log/audit/audit.log permissions should be
Dec 30 11:05:34 localhost auditd: The audit daemon is exiting.
Dec 30 11:05:34 localhost kernel: audit(1199041534.187:4): audit_backlog_limit=320 old=64 by auid=4294967295
Dec 30 11:05:34 localhost kernel: audit(1199041534.187:5): audit_backlog_limit=320 old=64 by auid=4294967295 res=1
/var/log/audit/audit.log's mode was 600.
Changing the mode to 640 makes it work, but is this test right? Should the mode
be changed in the post install script?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Should be fixed in audit-1.6.4-3. I forgot to change the config parser to allow
both 0600 and 0640 for the logs. Thanks for reporting the bug.
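
The check described in the comment above, as an added example (not auditd's source and not code from this bug report): a log-file permission test that accepts both 0600 and 0640 and rejects everything else. The function names, the enum and the /tmp temporary file are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum log_check { LOG_OK = 0, LOG_OPEN_FAILED, LOG_NOT_REGULAR, LOG_BAD_MODE };

/* Accept exactly the two modes named in the bug: 0600 and 0640. */
int log_mode_allowed(mode_t mode)
{
    mode_t perms = mode & 07777; /* also rejects setuid/setgid/sticky */
    return perms == 0600 || perms == 0640;
}

/* fstat() on the descriptor inspects the file that was actually opened. */
enum log_check check_log_fd(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return LOG_OPEN_FAILED;
    if (!S_ISREG(st.st_mode))
        return LOG_NOT_REGULAR;
    return log_mode_allowed(st.st_mode) ? LOG_OK : LOG_BAD_MODE;
}

/* Constructed input: a temporary file set to the requested mode. */
enum log_check check_temp_file_with_mode(mode_t mode)
{
    char path[] = "/tmp/auditlog-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return LOG_OPEN_FAILED;
    enum log_check rc = fchmod(fd, mode) ? LOG_OPEN_FAILED : check_log_fd(fd);
    close(fd);
    unlink(path);
    return rc;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/var/log/audit/audit.log";
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    enum log_check rc = fd < 0 ? LOG_OPEN_FAILED : check_log_fd(fd);
    if (fd >= 0)
        close(fd);
    printf("%s: %s\n", path, rc == LOG_OK ? "mode accepted" : "rejected");
    return rc;
}
```

Run against a path argument, the exit status is 0 only when the file is a regular file with mode 0600 or 0640.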