On Sat, 2007-12-29 at 10:44 -0500, Steve Grubb wrote: > Hi, > > I've just released a new version of the audit daemon. It can be downloaded > from http://people.redhat.com/sgrubb/audit It will also be in rawhide > soon. The Changelog is: > > - fchmod of log file was on wrong variable > - Allow use of errno strings for exit codes in audit rules > > This release fixes a major bug that got introduced in the last release. The > code that fixes a permission problem was using the wrong variable. It happens > that the result was applied to /dev/null instead of the audit log. If you had > > selinux in enforcing mode - nothing happened, for everyone else.../dev/null > probably got messed up. Oopsie.
close, so close. Now auditd is fchmoding /var/log/audit/audit.log to 600 and everything works fine. But run 'service auditd restart' or just reboot and audit will refuse to start! Dec 30 11:53:43 dhcp231-146 auditd: /var/log/audit/audit.log permissions should be 0640 But at least this time it isn't breaking the whole system :) -Eric -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
