rpm/audit
SHA256
1
0
Fork 0
forked from pool/audit
Code Pull Requests Activity
1b5f7ae8b7
audit/enable-stop-rules.patch
Enzo Matsumiya 09b88829e8 Accepting request 920348 from home:ematsumiya:branches:security 
- Fix hardened auditd.service (bsc#1181400)
  * add fix-hardened-service.patch
    Make /etc/audit read-write from the service.
    Remove PrivateDevices=true to expose /dev/* to auditd.service.
- Enable stop rules for audit.service (cf. bsc#1190227)
  * add enable-stop-rules.patch
- Change default log_format from ENRICHED to RAW (bsc#1190500):
  * add change-default-log_format.patch (SUSE-specific patch)
- Update to version 3.0.5:
  * In auditd, flush uid/gid caches when user/group added/deleted/modified
  * Fixed various issues when dealing with corrupted logs
  * In auditd, check if log_file is valid before closing handle
- Include fixed from 3.0.4:
  * Apply performance speedups to auparse library
  * Optimize rule loading in auditctl
  * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
  * Update syscall table to the 5.14 kernel
  * Fixed various issues when dealing with corrupted logs
- Update to version 3.0.5:
  * In auditd, flush uid/gid caches when user/group added/deleted/modified
  * Fixed various issues when dealing with corrupted logs
  * In auditd, check if log_file is valid before closing handle
- Include fixed from 3.0.4:
  * Apply performance speedups to auparse library
  * Optimize rule loading in auditctl
  * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
  * Update syscall table to the 5.14 kernel
  * Fixed various issues when dealing with corrupted logs

OBS-URL: https://build.opensuse.org/request/show/920348
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=129
2021-09-20 16:14:05 +00:00

25 lines
1.0 KiB
Diff
Raw Blame History

From: Enzo Matsumiya <ematsumiya@suse.de>
Subject: init.d/auditd.service: enable ExecStopPost directive in auditd.service
References: bsc#1190227
This has caused confusion for customers when relating stopping auditd service
is the same as stopping system auditing. This is completely understandable, but
it's by design, so kauditd can keep filling its queues for any other userspace
daemon to consume.
Disable audit when auditd.service stops, so kauditd stops logging/running.
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
--- a/init.d/auditd.service
+++ b/init.d/auditd.service
@@ -25,7 +25,7 @@ ExecStartPost=-/sbin/augenrules --load
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
# By default we don't clear the rules on exit. To enable this, uncomment
# the next line after copying the file to /etc/systemd/system/auditd.service
-#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
+ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
### Security Settings ###
MemoryDenyWriteExecute=true
View Git Blame Copy Permalink