Inconsistencies between shipped initscript and .service file
Steve Grubb
sgrubb at redhat.com
Wed Jun 29 16:29:02 UTC 2016
Hello,
On Wednesday, June 29, 2016 05:48:46 PM Laurent Bigonville wrote:
> I think there are inconsistencies between the behavior of the shipped
> LSB inistscript and the systemd .service.
>
> The sysconfig config file sets USE_AUGENRULES="no" and
> AUDITD_CLEAN_STOP="yes" while the .service file is actually doing the
> opposite.
>
> I guess that the sysconfig config should be modified (even if it's a
> quite minor issue)?
The idea is this, I didn't want to cause a regression on distributions. The
sysvinit scripts have been shipped forever and always expected the rule to be
in a specific place. So, its disabled so that there are no surprises. That's
because to enable it means that you got to put the rules in the rules.d
directory.
So, the thinking is that if you areswitching to systemd, there a lot different
about the system and as part of re-doing how you use the system let's just put
the rules in the right place and use augenrules by default.
Migrating between the two is not so easy. It needs to be done with intention
or you might get your rules overwritten.
-Steve
More information about the Linux-audit
mailing list