Package: auditd
Version: 1:2.8.4-3
Severity: important
Tags: upstream

Dear Maintainer,

   * What led up to the situation?

Stop auditd service using 'service auditd stop'
Modify the following settings in /etc/audit/auditd.conf:
write_logs = no
#log_file =

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Start the auditd service using 'service auditd start'; and then
Stop the auditd service using 'service auditd stop'
Check the status of auditd using 'service auditd status'

   * What was the outcome of this action?

auditd status is showing the following:

● auditd.service - Security Auditing Service
   Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: failed (Result: core-dump) since Wed 2021-03-17 09:39:27 ACDT; 2s ago
     Docs: man:auditd(8)
           https://github.com/linux-audit/audit-documentation
  Process: 9564 ExecStart=/sbin/auditd (code=exited, status=0/SUCCESS)
  Process: 9569 ExecStartPost=/sbin/augenrules --load (code=exited, status=0/SUCCESS)
 Main PID: 9565 (code=dumped, signal=SEGV)

   * What outcome did you expect instead?

Expected auditd not to seg fault.
Following is the expected outcome:

● auditd.service - Security Auditing Service
   Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2021-03-17 10:04:16 ACDT; 1s ago
     Docs: man:auditd(8)
           https://github.com/linux-audit/audit-documentation
  Process: 9705 ExecStart=/sbin/auditd (code=exited, status=0/SUCCESS)
  Process: 9710 ExecStartPost=/sbin/augenrules --load (code=exited, status=0/SUCCESS)
 Main PID: 9706 (code=exited, status=0/SUCCESS)

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages auditd depends on:
ii  libaudit1         1:2.8.4-3
ii  libauparse0       1:2.8.4-3
ii  libc6             2.28-10
ii  libgssapi-krb5-2  1.17-3+deb10u1
ii  libkrb5-3         1.17-3+deb10u1
ii  libwrap0          7.6.q-28
ii  lsb-base          10.2019051400
ii  mawk              1.3.3-17+b3

auditd recommends no packages.

Versions of packages auditd suggests:
pn  audispd-plugins  <none>

-- Configuration Files:
/etc/audisp/audispd.conf [Errno 13] Permission denied: '/etc/audisp/audispd.conf'
/etc/audisp/plugins.d/af_unix.conf [Errno 13] Permission denied: '/etc/audisp/plugins.d/af_unix.conf'
/etc/audisp/plugins.d/syslog.conf [Errno 13] Permission denied: '/etc/audisp/plugins.d/syslog.conf'
/etc/audit/audit-stop.rules [Errno 13] Permission denied: '/etc/audit/audit-stop.rules'
/etc/audit/auditd.conf [Errno 13] Permission denied: '/etc/audit/auditd.conf'
/etc/audit/rules.d/audit.rules [Errno 13] Permission denied: '/etc/audit/rules.d/audit.rules'

-- no debconf information
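
Added example, not part of the original report and not code from the audit project: a shell check that flags an auditd.conf carrying the combination the report describes (write_logs = no with log_file commented out), so affected hosts can be found before the daemon is stopped. The function names conf_value and matches_report and the sample files are constructed for illustration; matching keys case-insensitively and treating an absent or empty log_file like a commented-out one are assumptions.

```shell
#!/bin/sh
# conf_value FILE KEY: print the last active (uncommented) value of KEY.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                 # skip comments such as "#log_file ="
        {
            eq = index($0, "=")
            if (eq == 0) next               # not a key = value line
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)  # trim whitespace around key and value
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }
    ' "$1"
}

# matches_report FILE: succeed when write_logs is "no" and no log_file is set.
matches_report() {
    wl=$(conf_value "$1" write_logs | tr 'A-Z' 'a-z')
    lf=$(conf_value "$1" log_file)
    [ "$wl" = "no" ] && [ -z "$lf" ]
}

# Constructed sample files; pass real paths (e.g. /etc/audit/auditd.conf) as arguments.
demo_dir=$(mktemp -d)
printf 'write_logs = no\n#log_file =\nlog_format = RAW\n' > "$demo_dir/reported.conf"
printf 'write_logs = yes\nlog_file = /var/log/audit/audit.log\n' > "$demo_dir/default.conf"

for f in "$demo_dir/reported.conf" "$demo_dir/default.conf" "$@"; do
    if matches_report "$f"; then
        echo "$f: matches the reported configuration"
    else
        echo "$f: does not match"
    fi
done
rm -rf "$demo_dir"
```
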