Package: auditd
Version: 1:3.0.9-1
Severity: normal
Dear Maintainer,
when running with an initially empty /var partition, the auditd
currently fails to start as the log directory is not present.
The attached patch adds a tmpfiles dropin to let systemd create
the directory on boot. If the directory is already present,
this is a noop.
For details, please also see #945269
Best regards,
Felix Moessbauer
Siemens AG
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-0.deb12.4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages auditd depends on:
ii gawk 1:5.2.1-2
ii init-system-helpers 1.65.2
ii libaudit1 1:3.0.9-1
ii libauparse0 1:3.0.9-1
ii libc6 2.36-9+deb12u4
ii libcap-ng0 0.8.3-1+b3
ii libgssapi-krb5-2 1.20.1-2+deb12u1
ii libkrb5-3 1.20.1-2+deb12u1
ii libwrap0 7.6.q-32
ii mawk 1.3.4.20200120-3.1
auditd recommends no packages.
Versions of packages auditd suggests:
pn audispd-plugins <none>
-- Configuration Files:
/etc/audit/audit-stop.rules [Errno 13] Permission denied: '/etc/audit/audit-stop.rules'
/etc/audit/auditd.conf [Errno 13] Permission denied: '/etc/audit/auditd.conf' /etc/audit/plugins.d/af_unix.conf [Errno 13] Permission denied: '/etc/audit/plugins.d/af_unix.conf'
/etc/audit/plugins.d/syslog.conf [Errno 13] Permission denied: '/etc/audit/plugins.d/syslog.conf'
/etc/audit/rules.d/audit.rules [Errno 13] Permission denied: '/etc/audit/rules.d/audit.rules'
-- no debconf information
*** /tmp/auditd/0001-create-var-log-audit-with-tmpfiles.d-as-well.patch
From 4ea8f395c270d0dcc5365b40f70ca5e8633c4261 Mon Sep 17 00:00:00 2001
From: Felix Moessbauer <
felix.moessbauer@siemens.com>
Date: Fri, 1 Mar 2024 10:43:14 +0100
Subject: [PATCH 1/1] create /var/log/audit with tmpfiles.d as well
When running with an initially empty /var partition, the auditd
currently fails to start as the log directory is not present. For that,
we use tmpfiles.d to let systemd create the directory on boot.
If the directory is already present, this is a noop.
For details, please also see #945269
Reported-by: Sai Sathujoda <
Sai.Sathujoda@toshiba-tsip.com>
Signed-off-by: Felix Moessbauer <
felix.moessbauer@siemens.com>
---
debian/auditd.tmpfiles | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 debian/auditd.tmpfiles
diff --git a/debian/auditd.tmpfiles b/debian/auditd.tmpfiles
new file mode 100644
index 0000000..2f467a8
--- /dev/null
+++ b/debian/auditd.tmpfiles
@@ -0,0 +1,2 @@
+d /var/log/audit 0700 root adm -
+
--
2.39.2
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)