Loading...

XML

Word

Printable

Type: Story
Resolution: Can't Do
Priority: Normal
Fix Version/s: None
Affects Version/s: rhel-9.0.0
Component/s: audit
Labels:
- FutureFeature
- MigratedToJIRA

Severity:
Medium

Pool Team:

rhel-sst-security-special-projects
Sub-System Group:

ssg_security

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Release Note Type:
If docs needed, set a value

Experience:
Architecture:

All
Bugzilla Bug:
RHBZ: 1894447

PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:

With RHEL7, "RefuseManualStop=yes" is defined in auditd service unit. This prevents admins to restart auditd to reload rules for example.

But there is a trick, using "service auditd restart" just works fine, the protection is hence very weak.
There are also other ways to achieve this: "pkill -TERM auditd" then "systemctl start auditd".

I think this "protection" should be removed from the unit file, it just annoys sysadmins and is definitely useless.

Version-Release number of selected component (if applicable):

audit-2.8.5 and later

Assignee:: Sergio Correia

Reporter:: Renaud Métrich

Developer:: Sergio Correia

QA Contact:: SSG Security QE

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2023/09/19 5:32 PM

Updated:: 2025/02/05 3:55 PM

Resolved:: 2024/12/02 11:58 AM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates