Bug 654883 - service auditd restart output in immutable mode is not clear.
Summary: service auditd restart output in immutable mode is not clear.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: audit
Version: 5.5
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Steve Grubb
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-18 22:39 UTC by Raghu Udiyar
Modified: 2018-11-26 18:11 UTC (History)
1 user (show)

Fixed In Version: audit-1.8-1.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-21 06:37:53 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0265 0 normal SHIPPED_LIVE audit bug fix and enhancement update 2012-02-20 15:06:31 UTC

Description Raghu Udiyar 2010-11-18 22:39:51 UTC 
Description of problem:

When auditd is in immutable mode and auditd service is restarted you get the message "The audit system is in immutable mode, no rules loaded." 

This is confusing. Since the original rules are loaded. Its' just that once they are loaded they can't be changed without a reboot.

Perhaps "The audit system is in immutable mode, no changes allowed" would be more clear.


Version-Release number of selected component (if applicable): audit-1.7.17-3.el5


How reproducible: Always


Steps to Reproduce:
1. Add "-e 2" to /etc/audit/audit.rules file.
2. Run "service auditd restart". This puts audit in immutable mode.
3. Any subsequent attempt to restart the service throws the message : "The audit system is in immutable mode, no rules loaded"
  
Actual results: The message is unclear and misleading.


Expected results: "no rules loaded" should be changed to something else.


Additional info:
Comment 1 Steve Grubb 2011-01-15 14:42:16 UTC 
Patch committed upstream.
Comment 2 Raghu Udiyar 2011-01-17 11:02:48 UTC 
Thank you.
Comment 4 Steve Grubb 2011-10-27 15:39:01 UTC 
audit-1.8-1.el5 was built to address this problem.
Comment 7 errata-xmlrpc 2012-02-21 06:37:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0265.html
Note You need to log in before you can comment on or make changes to this bug.