FS#58422 - [auditbeat] Add post_install msg about CONFIG_AUDIT
Attached to Project:
Community Packages
Opened by Andrew Kroh (andrewkroh) - Tuesday, 01 May 2018, 22:01 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Wednesday, 11 July 2018, 11:40 GMT
Opened by Andrew Kroh (andrewkroh) - Tuesday, 01 May 2018, 22:01 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Wednesday, 11 July 2018, 11:40 GMT
|
Details
Description:
It would be nice to warn users that install Auditbeat that the Arch kernel has CONFIG_AUDIT disabled. The audit package does this and I think the auditbeat package should do the same (https://git.archlinux.org/svntogit/community.git/tree/trunk/audit.install?h=packages/audit). My suggested message is: post_install() { echo CONFIG_AUDIT is disabled in the Arch kernel packages so a custom kernel echo is required for the Auditbeat auditd module to work. However, some features echo like the the file integrity module will work fine without kernel audit support. echo The package linux-hardened has full support for audit. } Upstream in Auditbeat we are going to add a better error message to tell users that their kernel does not have audit support (https://github.com/elastic/go-libaudit/issues/32). |
This task depends upon
Closed by Massimiliano Torromeo (mtorromeo)
Wednesday, 11 July 2018, 11:40 GMT
Reason for closing: Implemented
Additional comments about closing: auditbeat-6.3.1-1
Wednesday, 11 July 2018, 11:40 GMT
Reason for closing: Implemented
Additional comments about closing: auditbeat-6.3.1-1