forked from pool/audit
4de8c602d7
- Update to version 3.0.6:
* fixes a segfault on some SELINUX_ERR records
* makes IPX packet interpretation dependent on the ipx header
file existing
* adds b32/b64 support to ausyscall
* adds support for armv8l
* fixes auditctl list of syscalls on PPC
* auditd.service now restarts auditd under some conditions
- Update to version 3.0.6:
* fixes a segfault on some SELINUX_ERR records
* makes IPX packet interpretation dependent on the ipx header
file existing
* adds b32/b64 support to ausyscall
* adds support for armv8l
* fixes auditctl list of syscalls on PPC
* auditd.service now restarts auditd under some conditions
OBS-URL: https://build.opensuse.org/request/show/930154
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=133
25 lines
1.1 KiB
Diff
25 lines
1.1 KiB
Diff
From: Enzo Matsumiya <ematsumiya@suse.de>
|
|
Subject: init.d/auditd.service: enable ExecStopPost directive in auditd.service
|
|
References: bsc#1190227
|
|
|
|
This has caused confusion for customers when relating stopping auditd service
|
|
is the same as stopping system auditing. This is completely understandable, but
|
|
it's by design, so kauditd can keep filling its queues for any other userspace
|
|
daemon to consume.
|
|
|
|
Disable audit when auditd.service stops, so kauditd stops logging/running.
|
|
|
|
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
|
|
|
|
--- a/init.d/auditd.service
|
|
+++ b/init.d/auditd.service
|
|
@@ -25,7 +25,7 @@ ExecStartPost=-/sbin/augenrules --load
|
|
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
|
|
# By default we don't clear the rules on exit. To enable this, uncomment
|
|
# the next line after copying the file to /etc/systemd/system/auditd.service
|
|
-#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
|
|
+ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
|
|
Restart=on-failure
|
|
# Do not restart for intentional exits. See EXIT CODES section in auditd(8).
|
|
RestartPreventExitStatus=2 4 6
|