Public bug reported:
auditd seems to ignore rules on /proc set in /etc/audit/rules.d/
cat /etc/audit/rules.d/10-test.rules
-w /proc -p wa -k test_proc
auditctl -l
No rules
distro = jammy
auditd version = 1:3.0.7-1build1
Workarounds:
1- use auditctl to either define audit rules or read the rules from a
file.
OR
2- remove the line "ProtectControlGroups=true" from
/etc/systemd/system/multi-user.target.wants/auditd.service
note. workaround #2: sometimes I had to restart the service multiple
times to get changes applied. I also have a user reporting it didn't
work for them.
** Affects: audit (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to audit in Ubuntu.
https://bugs.launchpad.net/bugs/2085514
Title:
auditd ignores settings
Status in audit package in Ubuntu:
New
Bug description:
auditd seems to ignore rules on /proc set in /etc/audit/rules.d/
cat /etc/audit/rules.d/10-test.rules
-w /proc -p wa -k test_proc
auditctl -l
No rules
distro = jammy
auditd version = 1:3.0.7-1build1
Workarounds:
1- use auditctl to either define audit rules or read the rules from a
file.
OR
2- remove the line "ProtectControlGroups=true" from
/etc/systemd/system/multi-user.target.wants/auditd.service
note. workaround #2: sometimes I had to restart the service multiple
times to get changes applied. I also have a user reporting it didn't
work for them.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/2085514/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
