Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:bmwiedemann:reproducible:distribution:ring0rb
audit
enable-stop-rules.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File enable-stop-rules.patch of Package audit
From: Enzo Matsumiya <ematsumiya@suse.de> Subject: init.d/auditd.service: enable ExecStopPost directive in auditd.service References: bsc#1190227 This has caused confusion for customers when relating stopping auditd service is the same as stopping system auditing. This is completely understandable, but it's by design, so kauditd can keep filling its queues for any other userspace daemon to consume. Disable audit when auditd.service stops, so kauditd stops logging/running. Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de> Index: audit-3.0.9/init.d/auditd.service =================================================================== --- audit-3.0.9.orig/init.d/auditd.service +++ audit-3.0.9/init.d/auditd.service @@ -25,9 +25,9 @@ ExecStart=/sbin/auditd ## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ ExecStartPost=-/sbin/augenrules --load #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules -# By default we don't clear the rules on exit. To enable this, uncomment +# By default we clear the rules on exit. To disable this, comment # the next line after copying the file to /etc/systemd/system/auditd.service -#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules +ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules Restart=on-failure # Do not restart for intentional exits. See EXIT CODES section in auditd(8). RestartPreventExitStatus=2 4 6
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
