From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: Inconsistencies between shipped initscript and .service file Date: Wed, 29 Jun 2016 12:29:02 -0400 Message-ID: <1489827.i94fL1NloU@x2> References: <70d04f75-0f85-ff0e-5306-e4386fa6fc40@debian.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <70d04f75-0f85-ff0e-5306-e4386fa6fc40@debian.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com Hello, On Wednesday, June 29, 2016 05:48:46 PM Laurent Bigonville wrote: > I think there are inconsistencies between the behavior of the shipped > LSB inistscript and the systemd .service. > > The sysconfig config file sets USE_AUGENRULES="no" and > AUDITD_CLEAN_STOP="yes" while the .service file is actually doing the > opposite. > > I guess that the sysconfig config should be modified (even if it's a > quite minor issue)? The idea is this, I didn't want to cause a regression on distributions. The sysvinit scripts have been shipped forever and always expected the rule to be in a specific place. So, its disabled so that there are no surprises. That's because to enable it means that you got to put the rules in the rules.d directory. So, the thinking is that if you areswitching to systemd, there a lot different about the system and as part of re-doing how you use the system let's just put the rules in the right place and use augenrules by default. Migrating between the two is not so easy. It needs to be done with intention or you might get your rules overwritten. -Steve