SLFO-pool/audit
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
audit/fix-hardened-service.patch

33 lines
1.0 KiB
Diff
Raw Permalink Normal View History

Sync from SUSE:SLFO:Main audit revision b45ec063c4e7856d1bf1ea7fa6a46c44
2024-05-03 11:11:31 +02:00
From: Enzo Matsumiya <ematsumiya@suse.de>
Subject: init.d/auditd.service: make /etc/audit writable
References: bsc#1181400
systemd hardening effort (bsc#1181400) broke auditd.service when starting/
restarting it. This was because auditd couldn't save/create audit.rules from
/etc/audit/rules.d/* files.
Make /etc/audit writable for the service.
Also remove PrivateDevices=true so /dev/* are exposed to auditd.
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
Sync from SUSE:SLFO:Main audit revision ffd72b38aef75051423272adc56880c1
2024-08-30 15:41:46 +02:00
Index: audit-3.1.1/init.d/auditd.service
Sync from SUSE:SLFO:Main audit revision b45ec063c4e7856d1bf1ea7fa6a46c44
2024-05-03 11:11:31 +02:00
===================================================================
Sync from SUSE:SLFO:Main audit revision ffd72b38aef75051423272adc56880c1
2024-08-30 15:41:46 +02:00
--- audit-3.1.1.orig/init.d/auditd.service
+++ audit-3.1.1/init.d/auditd.service
@@ -42,12 +42,12 @@ RestrictRealtime=true
Sync from SUSE:SLFO:Main audit revision b45ec063c4e7856d1bf1ea7fa6a46c44
2024-05-03 11:11:31 +02:00
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
-PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelLogs=true
# end of automatic additions
+ReadWritePaths=/etc/audit
[Install]
WantedBy=multi-user.target
Reference in New Issue Copy Permalink