Public bug reported:
auditd seems to ignore rules on /proc set in /etc/audit/rules.d/
cat /etc/audit/rules.d/10-test.rules
-w /proc -p wa -k test_proc
auditctl -l
No rules
distro = jammy
auditd version = 1:3.0.7-1build1
Workarounds:
1- use auditctl to either define audit rules or read the rules from a
file.
OR
2- remove the line "ProtectControlGroups=true" from
/etc/systemd/system/multi-user.target.wants/auditd.service
note. workaround #2: sometimes I had to restart the service multiple
times to get changes applied. I also have a user reporting it didn't
work for them.
** Affects: audit (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085511
Title:
auditd ignores settings
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/2085511/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
