Hey everyone, I'm seeing some strange behavior when attempting to start the auditd daemon. When I make the /etc/audit.rules and /etc/auditd.conf files symbolic links, the service fails saying that it cannot open /etc/audit.rules because of too many levels of symbolic links:
[EMAIL PROTECTED] etc]# ll /etc/audit* lrwxrwxrwx 1 root root 25 Nov 7 08:22 /etc/auditd.conf -> /diskroot/etc/auditd.conf lrwxrwxrwx 1 root root 25 Nov 7 08:22 /etc/audit.rules -> /diskroot/etc/audit.rules [EMAIL PROTECTED] etc]# service auditd start Starting auditd: Error opening /etc/audit.rules (Too many levels of symbolic links) [EMAIL PROTECTED] etc]# Note that there is nothing special about this particular diskroot directory (i.e. there are no other symbolic links involved). If I remove the symbolic links, the service works fine. The problem is that I need to have the links there for various reasons. Is this a bug in auditd, or did I do something stupid? One last note, if I vi the file via the symbolic link, it works fine, which leads me to believe that this is more likely something wrong in the startup sequence or auditd itself (although I couldn't see any issues that stood out to me). Thanks, Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
