Package: auditd
Version: 1:2.8.4-3
Severity: important
Tags: upstream
Dear Maintainer,
* What led up to the situation?
Stop auditd service using 'service auditd stop'
Modify the following settings in /etc/audit/auditd.conf:
write_logs = no
#log_file =
* What exactly did you do (or not do) that was effective (or
ineffective)?
Start the auditd service using 'service auditd start'; and then
Stop the auditd service using 'service auditd stop'
Check the status of auditd using 'service auditd status'
* What was the outcome of this action?
auditd status is showing the following:
● auditd.service - Security Auditing Service
Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset:
enabled)
Active: failed (Result: core-dump) since Wed 2021-03-17 09:39:27 ACDT; 2s ago
Docs: man:auditd(8)
https://github.com/linux-audit/audit-documentation
Process: 9564 ExecStart=/sbin/auditd (code=exited, status=0/SUCCESS)
Process: 9569 ExecStartPost=/sbin/augenrules --load (code=exited,
status=0/SUCCESS)
Main PID: 9565 (code=dumped, signal=SEGV)
* What outcome did you expect instead?
Expected auditd not to segfault. The following is the expected
outcome:
● auditd.service - Security Auditing Service
Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset:
enabled)
Active: inactive (dead) since Wed 2021-03-17 10:04:16 ACDT; 1s ago
Docs: man:auditd(8)
https://github.com/linux-audit/audit-documentation
Process: 9705 ExecStart=/sbin/auditd (code=exited, status=0/SUCCESS)
Process: 9710 ExecStartPost=/sbin/augenrules --load (code=exited,
status=0/SUCCESS)
Main PID: 9706 (code=exited, status=0/SUCCESS)
-- System Information:
Debian Release: 10.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages auditd depends on:
ii libaudit1 1:2.8.4-3
ii libauparse0 1:2.8.4-3
ii libc6 2.28-10
ii libgssapi-krb5-2 1.17-3+deb10u1
ii libkrb5-3 1.17-3+deb10u1
ii libwrap0 7.6.q-28
ii lsb-base 10.2019051400
ii mawk 1.3.3-17+b3
auditd recommends no packages.
Versions of packages auditd suggests:
pn audispd-plugins <none>
-- Configuration Files:
/etc/audisp/audispd.conf [Errno 13] Permission denied:
'/etc/audisp/audispd.conf'
/etc/audisp/plugins.d/af_unix.conf [Errno 13] Permission denied:
'/etc/audisp/plugins.d/af_unix.conf'
/etc/audisp/plugins.d/syslog.conf [Errno 13] Permission denied:
'/etc/audisp/plugins.d/syslog.conf'
/etc/audit/audit-stop.rules [Errno 13] Permission denied:
'/etc/audit/audit-stop.rules'
/etc/audit/auditd.conf [Errno 13] Permission denied: '/etc/audit/auditd.conf'
/etc/audit/rules.d/audit.rules [Errno 13] Permission denied:
'/etc/audit/rules.d/audit.rules'
-- no debconf information
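
A check for the configuration described in this report, as an added example that is not part of the original bug report or of the audit package. The function names are hypothetical, and the sample file is constructed from the two settings quoted in the report.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the audit package.

# Print the last active (uncommented) value of KEY in FILE, empty if unset.
auditd_conf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }              # comment line, e.g. "#log_file ="
        {
            eq = index($0, "=")
            if (eq == 0) next            # not a "keyword = value" line
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", k)       # strip whitespace around the keyword
            gsub(/^[ \t]+/, "", v)       # trim the value
            gsub(/[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }
    ' "$2"
}

# Return 0 if FILE has write_logs = no and no active log_file line,
# the combination the report says ends in SIGSEGV on 'service auditd stop'.
matches_reported_config() {
    write_logs=$(auditd_conf_get write_logs "$1" | tr 'A-Z' 'a-z')
    log_file=$(auditd_conf_get log_file "$1")
    [ "$write_logs" = "no" ] && [ -z "$log_file" ]
}

# Constructed sample holding the two settings from the report.
sample=$(mktemp)
printf 'write_logs = no\n#log_file =\n' > "$sample"
if matches_reported_config "$sample"; then
    echo "auditd.conf matches the reported configuration"
fi
rm -f "$sample"
```

To check a real host, pass /etc/audit/auditd.conf to matches_reported_config as root, since the file is not readable by ordinary users (see the Permission denied lines above).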