Public bug reported:
The rule '-a always,exit -F path=/home/ubuntu/test.sh -F perm=x -F auid>=1000
-F auid!=unset -k privileged' can not be loaded during system boot up.
# lsb_release -rc
Release:22.04
Codename: jammy
# dpkg -l|grep audit
ii auditd
** Description changed:
-
- The rule '-a always,exit -F path=/home/ubuntu/test.sh -F perm=x -F auid>=1000
-F auid!=unset -k privileged' can not be loaded during system boot up.
+ The rule '-a always,exit -F path=/home/ubuntu/test.sh -F perm=x -F
+ auid>=1000 -F auid!=unset -k privileged' can
> and < should be escaped in shell. It's not a bug. Closing it.
** Changed in: audit (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to audit in Ubuntu.
Hi Seth,
Thank you for the advice of "-i". It works if I append "-i" into the
problematic line.
It's strange that:
1) I can not see any difference between /home/ubuntu/test.sh,
/opt/test.sh, /etc/test.sh and /usr/bin/test.sh, as there is no
separate partition
lsblk
vda 252:00
Comparing the files /etc/systemd/system/multi-user.target.wants/auditd.service
between Focal and Jammy,
I can see Jammy has the line "ProtectHome=true". If I remove this line and
reboot the system, then the rule can be loaded along with system bootup
Public bug reported:
lsb_release -rc
Release:22.04
Codename: jammy
dpkg -l|grep audi
ii auditd 1:3.0.7-1build1 amd64 User space tools for security auditing
ii libaudit-common 1:3.0.7-1build1