forked from pool/audit
c309536630
- Use %autosetup - Don't include sample rules as %doc, they're already installed as normal files - Fix create-augenrules-service.patch: * auditd.service needs to require augenrules.service, not the other way around - Fix documentation for enable-stop-rules.patch OBS-URL: https://build.opensuse.org/request/show/934558 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=134
30 lines
1.4 KiB
Diff
30 lines
1.4 KiB
Diff
From: Enzo Matsumiya <ematsumiya@suse.de>
|
|
Subject: init.d/auditd.service: enable ExecStopPost directive in auditd.service
|
|
References: bsc#1190227
|
|
|
|
This has caused confusion for customers when relating stopping auditd service
|
|
is the same as stopping system auditing. This is completely understandable, but
|
|
it's by design, so kauditd can keep filling its queues for any other userspace
|
|
daemon to consume.
|
|
|
|
Disable audit when auditd.service stops, so kauditd stops logging/running.
|
|
|
|
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
|
|
|
|
Index: audit-3.0.6/init.d/auditd.service
|
|
===================================================================
|
|
--- audit-3.0.6.orig/init.d/auditd.service
|
|
+++ audit-3.0.6/init.d/auditd.service
|
|
@@ -23,9 +23,9 @@ ExecStart=/sbin/auditd
|
|
## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
|
|
ExecStartPost=-/sbin/augenrules --load
|
|
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
|
|
-# By default we don't clear the rules on exit. To enable this, uncomment
|
|
+# By default we clear the rules on exit. To disable this, comment
|
|
# the next line after copying the file to /etc/systemd/system/auditd.service
|
|
-#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
|
|
+ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
|
|
Restart=on-failure
|
|
# Do not restart for intentional exits. See EXIT CODES section in auditd(8).
|
|
RestartPreventExitStatus=2 4 6
|