Public bug reported:
Hello, I lost my audit rules when upgrading from 16.04 LTS to 18.04 LTS.
I had a moderately extensive list of custom rules in
/etc/audit/audit.rules and eventually realized that I was seeing far
fewer audit events after my upgrade to 18.04 LTS.
My rules were moved aside to /etc/audit/audit.rules.prev and a fairly
useless generic set were installed in /etc/audit/audit.rules.
Because I hadn't read /usr/share/doc/auditd/NEWS.Debian.gz I hadn't
realized that this file was automatically generated on restarts, so
mv'ing my old file back in place and restarting means my rules are gone.
I can't recall any other package that replaces working local
configuration with package default on upgrade. For an *auditing* package
it may even place businesses into non-compliance with rules and
regulation. For me it's just an annoyance and a reminder that I need a
better backup solution.
Thanks
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: auditd 1:2.8.2-1ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Tue May 29 17:07:25 2018
InstallationDate: Installed on 2012-10-18 (2049 days ago)
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64
(20120823.1)
ProcEnviron:
TERM=rxvt-unicode-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: audit
UpgradeStatus: Upgraded to bionic on 2018-05-02 (28 days ago)
mtime.conffile..etc.audit.audit.rules: 2018-05-29T17:01:29.487114
** Affects: audit (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug bionic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to audit in Ubuntu.
https://bugs.launchpad.net/bugs/1774083
Title:
auditd upgrade appeared to remove my rules
Status in audit package in Ubuntu:
New
Bug description:
Hello, I lost my audit rules when upgrading from 16.04 LTS to 18.04
LTS. I had a moderately extensive list of custom rules in
/etc/audit/audit.rules and eventually realized that I was seeing far
fewer audit events after my upgrade to 18.04 LTS.
My rules were moved aside to /etc/audit/audit.rules.prev and a fairly
useless generic set were installed in /etc/audit/audit.rules.
Because I hadn't read /usr/share/doc/auditd/NEWS.Debian.gz I hadn't
realized that this file was automatically generated on restarts, so
mv'ing my old file back in place and restarting means my rules are
gone.
I can't recall any other package that replaces working local
configuration with package default on upgrade. For an *auditing*
package it may even place businesses into non-compliance with rules
and regulation. For me it's just an annoyance and a reminder that I
need a better backup solution.
Thanks
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: auditd 1:2.8.2-1ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Tue May 29 17:07:25 2018
InstallationDate: Installed on 2012-10-18 (2049 days ago)
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64
(20120823.1)
ProcEnviron:
TERM=rxvt-unicode-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: audit
UpgradeStatus: Upgraded to bionic on 2018-05-02 (28 days ago)
mtime.conffile..etc.audit.audit.rules: 2018-05-29T17:01:29.487114
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1774083/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
