On Tue, Nov 29, 2011 at 11:20:35AM -0500, Steve Grubb wrote:
> On Tuesday, November 22, 2011 05:52:32 AM Stephen Quinney wrote:
> > However, I'm struggling to debug why it is failing each time. All I get
> > back from the daemon is an exit code of 1, this seems to mean "generic
> > or unspecified error", and no useful error messages so I'm a bit stuck
> > on what to do next.
> >
> > Any suggestions?
>
> Have you looked in syslog? Generally the audit daemon writes about any
> problem it runs into there.

I have finally tracked down what was going on here. The daemon only fails to start at boot time when the action_mail_acct configuration option is set. A look in the audit_config.c code reveals that the email address is passed through the validate_email() function which uses gethostbyname() to check the host. Although the network is up before auditd starts, at that point in the boot sequence there are no reachable DNS servers. This is due to a local configuration oddity with the resolv.conf file. Moving auditd to later in the boot sequence resolves the problem.

Stephen Quinney
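
An added example, not part of the original message and not code from the audit project: a pre-flight check for the failure described above, which reads action_mail_acct from an auditd.conf-style file and reports whether its host part resolves at the moment the script runs. The function names and the RESOLVER hook are hypothetical, and the script assumes a value without an '@' is a local account with no host to look up.

```shell
#!/bin/sh
# Added example, not audit project code. Pre-flight check for the boot-time
# failure described above: does the host in action_mail_acct resolve right now?

# Print the last action_mail_acct value found in auditd.conf-style text on stdin.
mail_acct_from_conf() {
    sed -n 's/^[[:space:]]*action_mail_acct[[:space:]]*=[[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print the host part of an address; print nothing when there is no '@'
# (assumption: such a value is a local account with no host to look up).
mail_host() {
    case "$1" in
        *@*) printf '%s\n' "${1##*@}" ;;
    esac
}

# Default resolver: getent resolves through NSS, as gethostbyname() does.
resolve_host() {
    getent hosts "$1" >/dev/null 2>&1
}

# check_mail_acct CONF: return 0 if nothing blocks startup, 1 if the mail host
# does not resolve, 2 if CONF cannot be read. RESOLVER is a hypothetical hook
# naming an alternative resolver command (used for testing).
check_mail_acct() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    acct=$(mail_acct_from_conf < "$1")
    host=$(mail_host "$acct")
    if [ -z "$host" ]; then
        echo "ok: no remote host in action_mail_acct"
        return 0
    fi
    if "${RESOLVER:-resolve_host}" "$host"; then
        echo "ok: $host resolves"
        return 0
    fi
    echo "FAIL: $host (from action_mail_acct=$acct) does not resolve" >&2
    return 1
}

# Run against a config file when one is given on the command line.
if [ -n "${1:-}" ]; then
    check_mail_acct "$1"
fi
```

The result is only meaningful when the script runs at the same point in the boot sequence as auditd, since the lookup can succeed later once DNS is reachable.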
