* Daemon start problems
@ 2011-11-22 10:52 Stephen Quinney
2011-11-29 16:20 ` Steve Grubb
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Quinney @ 2011-11-22 10:52 UTC (permalink / raw)
To: linux-audit
I'm seeing some problems with the audit daemon not starting at
boot-time on a RHEL6 machine. If I login as root after the boot
sequence has finished it can be manually started without any
problems. At first I thought this might be a bad interaction with the
readahead tool (as noted in the technical docs for RHEL6) so I removed
that package entirely but the problem remains.
We have a slightly peculiar environment due to the config management
tool we use so I'm fairly confident this is our problem rather than a
bug in the auditd code. However, I'm struggling to debug why it is
failing each time. All I get back from the daemon is an exit code of
1, this seems to mean "generic or unspecified error", and no useful
error messages so I'm a bit stuck on what to do next.
Any suggestions?
Stephen Quinney
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Daemon start problems
2011-11-22 10:52 Daemon start problems Stephen Quinney
@ 2011-11-29 16:20 ` Steve Grubb
2011-12-13 11:50 ` Stephen Quinney
0 siblings, 1 reply; 3+ messages in thread
From: Steve Grubb @ 2011-11-29 16:20 UTC (permalink / raw)
To: linux-audit
On Tuesday, November 22, 2011 05:52:32 AM Stephen Quinney wrote:
> However, I'm struggling to debug why it is failing each time. All I get back from
> the daemon is an exit code of 1, this seems to mean "generic or unspecified error",
> and no useful error messages so I'm a bit stuck on what to do next.
>
> Any suggestions?
Have you looked in syslog? Generally the audit daemon writes about any problem it runs
into there.
-Steve
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Daemon start problems
2011-11-29 16:20 ` Steve Grubb
@ 2011-12-13 11:50 ` Stephen Quinney
0 siblings, 0 replies; 3+ messages in thread
From: Stephen Quinney @ 2011-12-13 11:50 UTC (permalink / raw)
To: Steve Grubb; +Cc: linux-audit
On Tue, Nov 29, 2011 at 11:20:35AM -0500, Steve Grubb wrote:
> On Tuesday, November 22, 2011 05:52:32 AM Stephen Quinney wrote:
> > However, I'm struggling to debug why it is failing each time. All I get back from
> > the daemon is an exit code of 1, this seems to mean "generic or unspecified error",
> > and no useful error messages so I'm a bit stuck on what to do next.
> >
> > Any suggestions?
>
> Have you looked in syslog? Generally the audit daemon writes about any problem it runs
> into there.
>
I have finally tracked down what was going on here. The daemon only
fails to start at boot time when the action_mail_acct configuration
option is set. A look in the audit_config.c code reveals that the
email address is passed through the validate_email() function which
uses gethostbyname() to check the host. Although the network is up
before auditd starts, at that point in the boot sequence there are no
reachable DNS servers. This is due to a local configuration oddity
with the resolv.conf file. Moving auditd to later in the boot sequence
resolves the problem.
Stephen Quinney
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-12-13 11:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-22 10:52 Daemon start problems Stephen Quinney
2011-11-29 16:20 ` Steve Grubb
2011-12-13 11:50 ` Stephen Quinney
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox