Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2016-03-15 14:13:48 -0600

florian gravatar image

auditd.service fails

Hi, systemctl --failed revealed that auditd.service is not running properly:

  UNIT           LOAD   ACTIVE SUB    DESCRIPTION
● auditd.service loaded failed failed Security Auditing Service

systemctl status auditd.service shows:

● auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2016-03-15 14:35:20 EDT; 33min ago
  Process: 1076 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, status=0/SUCCESS)
  Process: 1075 ExecStart=/sbin/auditd -n (code=exited, status=6)
 Main PID: 1075 (code=exited, status=6)

systemd[1]: Starting Security Auditing Service...
auditctl[1076]: No rules
systemd[1]: Started Security Auditing Service.
auditd[1075]: Could not open dir /var/log/audit (No such file or directory)
auditd[1075]: The audit daemon is exiting.
systemd[1]: auditd.service: main process exited, code=exited, status=6/NOTCONFIGURED
systemd[1]: Unit auditd.service entered failed state.

My question are:

  • Is that a problem?
  • Why don't I have /var/log/audit?
  • What does status=6 mean?
  • How could I fix it?

auditd.service fails

Hi, systemctl --failed revealed that auditd.service auditd.service is not running properly:

  UNIT           LOAD   ACTIVE SUB    DESCRIPTION
● auditd.service loaded failed failed Security Auditing Service

systemctl status auditd.service shows:

● auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2016-03-15 14:35:20 EDT; 33min ago
  Process: 1076 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, status=0/SUCCESS)
  Process: 1075 ExecStart=/sbin/auditd -n (code=exited, status=6)
 Main PID: 1075 (code=exited, status=6)

systemd[1]: Starting Security Auditing Service...
auditctl[1076]: No rules
systemd[1]: Started Security Auditing Service.
auditd[1075]: Could not open dir /var/log/audit (No such file or directory)
auditd[1075]: The audit daemon is exiting.
systemd[1]: auditd.service: main process exited, code=exited, status=6/NOTCONFIGURED
systemd[1]: Unit auditd.service entered failed state.

My question are:

  • Is that a problem?
  • Why don't I have /var/log/audit?
  • What does status=6 mean?
  • How could I fix it?