Package: auditd
Version: 1:2.4-1+b1
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
- I was setting up auditd on a new system install.
* What exactly did you do (or not do) that was effective (or
ineffective)?
- "auditctl -s" segfaults
- probably related: execve rules caused "auditctl -R
/etc/audit/audit.rules"
to exit out with an error.
ie, from audit.rules: -a exit,always -F arch=b32 -S execve
* What was the outcome of this action?
- auditctl -s : segfault
- rules were not properly loaded
* What outcome did you expect instead?
- auditctl to run and not crash
Let's get to the point! Jessie was shipped with kernel 3.16 and auditd 2.4.
In auditd's 2.4.1 changelog: "- Update syscall tables for the 3.18 kernel"
My solution was to update audit to at least 2.4.1 for Debian Jessie so
that everything plays well together.
Note: I built sid's 2.4.4-3 (backported?) just fine with no changes. It
just works.
Alternative: Someone should make an official backport. :)
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.16.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages auditd depends on:
ii init-system-helpers 1.22
ii libaudit1 1:2.4.4-3~jessie
ii libauparse0 1:2.4-1+b1
ii libc6 2.19-18+deb8u1
ii libgssapi-krb5-2 1.12.1+dfsg-19
ii libkrb5-3 1.12.1+dfsg-19
ii libwrap0 7.6.q-25
ii lsb-base 4.1+Debian13+nmu1
ii mawk 1.3.3-17
auditd recommends no packages.
Versions of packages auditd suggests:
pn audispd-plugins <none>
-- Configuration Files:
/etc/audit/auditd.conf [Errno 13] Permission denied: u'/etc/audit/auditd.conf'
/etc/audit/rules.d/audit.rules [Errno 13] Permission denied:
u'/etc/audit/rules.d/audit.rules'
-- no debconf information
