• Bug#1065156: reportbug: auditd fails to start with empty /var

    From Felix Moessbauer@21:1/5 to All on Fri Mar 1 11:10:01 2024
    Package: auditd
    Version: 1:3.0.9-1
    Severity: normal

    Dear Maintainer,

    when running with an initially empty /var partition, the auditd
    currently fails to start as the log directory is not present.

    The attached patch adds a tmpfiles dropin to let systemd create
    the directory on boot. If the directory is already present,
    this is a noop.

    For details, please also see #945269

    Best regards,
    Felix Moessbauer
    Siemens AG

    -- System Information:
    Debian Release: 12.5
    APT prefers stable-updates
    APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
    Architecture: amd64 (x86_64)

    Kernel: Linux 6.5.0-0.deb12.4-amd64 (SMP w/8 CPU threads; PREEMPT)
    Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
    Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    Versions of packages auditd depends on:
    ii gawk 1:5.2.1-2
    ii init-system-helpers 1.65.2
    ii libaudit1 1:3.0.9-1
    ii libauparse0 1:3.0.9-1
    ii libc6 2.36-9+deb12u4
    ii libcap-ng0 0.8.3-1+b3
    ii libgssapi-krb5-2 1.20.1-2+deb12u1
    ii libkrb5-3 1.20.1-2+deb12u1
    ii libwrap0 7.6.q-32
    ii mawk 1.3.4.20200120-3.1

    auditd recommends no packages.

    Versions of packages auditd suggests:
    pn audispd-plugins <none>

    -- Configuration Files:
    /etc/audit/audit-stop.rules [Errno 13] Permission denied: '/etc/audit/audit-stop.rules'
    /etc/audit/auditd.conf [Errno 13] Permission denied: '/etc/audit/auditd.conf'
    /etc/audit/plugins.d/af_unix.conf [Errno 13] Permission denied: '/etc/audit/plugins.d/af_unix.conf'
    /etc/audit/plugins.d/syslog.conf [Errno 13] Permission denied: '/etc/audit/plugins.d/syslog.conf'
    /etc/audit/rules.d/audit.rules [Errno 13] Permission denied: '/etc/audit/rules.d/audit.rules'

    -- no debconf information

    *** /tmp/auditd/0001-create-var-log-audit-with-tmpfiles.d-as-well.patch
    From 4ea8f395c270d0dcc5365b40f70ca5e8633c4261 Mon Sep 17 00:00:00 2001
    From: Felix Moessbauer <felix.moessbauer@siemens.com>
    Date: Fri, 1 Mar 2024 10:43:14 +0100
    Subject: [PATCH 1/1] create /var/log/audit with tmpfiles.d as well

    When running with an initially empty /var partition, the auditd
    currently fails to start as the log directory is not present. For that,
    we use tmpfiles.d to let systemd create the directory on boot.
    If the directory is already present, this is a noop.

    For details, please also see #945269

    Reported-by: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>
    Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
    ---
    debian/auditd.tmpfiles | 2 ++
    1 file changed, 2 insertions(+)
    create mode 100644 debian/auditd.tmpfiles

    diff --git a/debian/auditd.tmpfiles b/debian/auditd.tmpfiles
    new file mode 100644
    index 0000000..2f467a8
    --- /dev/null
    +++ b/debian/auditd.tmpfiles
    @@ -0,0 +1,2 @@
    +d /var/log/audit 0700 root adm -
    +
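    Review bot: On the `d /var/log/audit 0700 root adm -` line, mode 0700 gives the group no permission bits, so assigning group `adm` grants nothing to its members; either the mode or the group is probably not what was intended. Please check both against the mode and ownership the package already uses for this directory on a normal install. The `d` type also adjusts mode and ownership of an existing directory at each boot, so the entry is only a no-op when the existing directory already matches these values; a locally changed mode would be reset, which is worth stating in the commit message. The second added line is empty and can be dropped so the new file contains only the one entry.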
    --
    2.39.2
