Management of auditd is missing #182
Comments
|
Just to be sure (as this topic is totally new for me): I'm getting these errors now Is this issue here the cause of it and is #191 the solution? |
|
@alexanderadam it looks a bit weird. Even before #191 we were just installing |
|
@artem-sidorenko this happened on Ubuntu xenial on a VPS. In case that makes any difference. I purged $ sudo apt install auditd
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
audispd-plugins
The following NEW packages will be installed:
auditd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/192 kB of archives.
After this operation, 626 kB of additional disk space will be used.
Selecting previously unselected package auditd.
(Reading database ... 49703 files and directories currently installed.)
Preparing to unpack .../auditd_1%3a2.4.5-1ubuntu2.1_amd64.deb ...
Unpacking auditd (1:2.4.5-1ubuntu2.1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-4ubuntu21.1) ...
Setting up auditd (1:2.4.5-1ubuntu2.1) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Job for auditd.service failed because the control process exited with error code. See "systemctl status auditd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript auditd, action "start" failed.
● auditd.service - Security Auditing Service
Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mit 2018-02-21 13:36:26 CET; 15ms ago
Process: 14713 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, status=0/SUCCESS)
Process: 14712 ExecStart=/sbin/auditd -n (code=exited, status=1/FAILURE)
Main PID: 14712 (code=exited, status=1/FAILURE)
Feb 21 13:36:26 some.host.name auditd[14712]: Started dispatcher: /sbin/audispd pid: 14716
Feb 21 13:36:26 some.host.name audispd[14716]: priority_boost_parser called with: 4
dpkg: error processing package auditd (--configure):
subprocess installed post-installation script returned error exit status 1
Processing triggers for systemd (229-4ubuntu21.1) ...
Errors were encountered while processing:
auditd
E: Sub-process /usr/bin/dpkg returned an error code (1)I will open another issue for making |
|
Should we rely on https://github.com/chef-cookbooks/auditd for that? |
dev-sec/chef-os-hardening#182 Signed-off-by: Gavin Reynolds <gavin@chef.io>
|
@artem-sidorenko Do you think we should stick to the official auditd cookbook and try to use that for configuration? |
|
@chris-rock usually yes - if it works, can be easily done and saves implementation/maintenance efforts. On the other side - if our own implementation ends up in just a simple template/service/file resource, when we should avoid the dependency from my view. |
|
Is this stuck waiting on someone to rebase #191? |
|
@b-dean It would definitely make live for reviewers a lot easier. |
|
@chris-rock I'm not sure how I can update his PR, or if I should make another one, but I rebased @bablakely's |
|
@b-dean that looks great! May I ask you to open a new PR? |
Tests for it are included in the linux-baseline, but we do not have any implementation within this cookbook (See #181)
The text was updated successfully, but these errors were encountered: