Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#36823 - [audit] service not working,
Attached to Project:
Community Packages
Opened by RbN (RbN) - Saturday, 07 September 2013, 19:53 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Monday, 09 September 2013, 17:00 GMT
Opened by RbN (RbN) - Saturday, 07 September 2013, 19:53 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Monday, 09 September 2013, 17:00 GMT
|
DetailsDescription :
Since last update, the location of the file containing the rules changed from /etc/audit/ to /etc/audit/rules.d/ Solution : The systemd's service file must be changed to match the new behavior : ExecStartPost=-/usr/bin/auditctl -R /etc/audit/rules.d/audit.rules |
This task depends upon
Closed by Massimiliano Torromeo (mtorromeo)
Monday, 09 September 2013, 17:00 GMT
Reason for closing: Not a bug
Monday, 09 September 2013, 17:00 GMT
Reason for closing: Not a bug
## To use augenrules, copy this file to /etc/systemd/system/auditd.service
## and uncomment the next line and delete/comment out the auditctl line.
## Then copy existing rules to /etc/audit/rules.d/
## Not doing this last step can cause loss of existing rules
#ExecStartPost=-/usr/bin/augenrules --load
The location of the rules file did not change. You can still use the /etc/audit/audit.rules file as before without changing anything or use the /etc/audit/rules.d/ directory and follow the above instructions. The service file is provided by the upstream project.
Anyway, why the audit.rules file was pacsaved during last update ?
That confused me.