Hi,
systemctl --failed revealed that auditd.service is not running properly:

    UNIT LOAD ACTIVE SUB DESCRIPTION
    ● auditd.service loaded failed failed Security Auditing Service

systemctl status auditd.service shows:

    ● auditd.service - Security Auditing Service
       Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
       Active: failed (Result: exit-code) since Tue 2016-03-15 14:35:20 EDT; 33min ago
      Process: 1076 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, status=0/SUCCESS)
      Process: 1075 ExecStart=/sbin/auditd -n (code=exited, status=6)
     Main PID: 1075 (code=exited, status=6)

    systemd[1]: Starting Security Auditing Service...
    auditctl[1076]: No rules
    systemd[1]: Started Security Auditing Service.
    auditd[1075]: Could not open dir /var/log/audit (No such file or directory)
    auditd[1075]: The audit daemon is exiting.
    systemd[1]: auditd.service: main process exited, code=exited, status=6/NOTCONFIGURED
    systemd[1]: Unit auditd.service entered failed state.

My questions are:
- Is that a problem?
- Why don't I have /var/log/audit?
- What does status=6 mean?
- How could I fix it?