Red Hat Bugzilla – Bug 654883
service auditd restart output in immutable mode is not clear.
Last modified: 2012-02-21 01:37:53 EST
Description of problem:
When auditd is in immutable mode and auditd service is restarted you get the message "The audit system is in immutable mode, no rules loaded."
This is confusing. Since the original rules are loaded. Its' just that once they are loaded they can't be changed without a reboot.
Perhaps "The audit system is in immutable mode, no changes allowed" would be more clear.
Version-Release number of selected component (if applicable): audit-1.7.17-3.el5
How reproducible: Always
Steps to Reproduce:
1. Add "-e 2" to /etc/audit/audit.rules file.
2. Run "service auditd restart". This puts audit in immutable mode.
3. Any subsequent attempt to restart the service throws the message : "The audit system is in immutable mode, no rules loaded"
Actual results: The message is unclear and misleading.
Expected results: "no rules loaded" should be changed to something else.
Patch committed upstream.
audit-1.8-1.el5 was built to address this problem.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.