[Bug 1774083] [NEW] auditd upgrade appeared to remove my rules

Tue, 29 May 2018 17:26:13 -0700 

Public bug reported:

Hello, I lost my audit rules when upgrading from 16.04 LTS to 18.04 LTS.
I had a moderately extensive list of custom rules in
/etc/audit/audit.rules and eventually realized that I was seeing far
fewer audit events after my upgrade to 18.04 LTS.

My rules were moved aside to /etc/audit/audit.rules.prev and a fairly
useless generic set were installed in /etc/audit/audit.rules.

Because I hadn't read /usr/share/doc/auditd/NEWS.Debian.gz I hadn't
realized that this file was automatically generated on restarts, so
mv'ing my old file back in place and restarting means my rules are gone.

I can't recall any other package that replaces working local
configuration with package default on upgrade. For an *auditing* package
it may even place businesses into non-compliance with rules and
regulation. For me it's just an annoyance and a reminder that I need a
better backup solution.

Thanks

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: auditd 1:2.8.2-1ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Tue May 29 17:07:25 2018
InstallationDate: Installed on 2012-10-18 (2049 days ago)
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 
(20120823.1)
ProcEnviron:
 TERM=rxvt-unicode-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: audit
UpgradeStatus: Upgraded to bionic on 2018-05-02 (28 days ago)
mtime.conffile..etc.audit.audit.rules: 2018-05-29T17:01:29.487114

** Affects: audit (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug bionic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1774083

Title:
  auditd upgrade appeared to remove my rules

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1774083/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to