Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1017736: auditd: noise service shutdown of dispatcher plugins
207 views
Skip to first unread message
Christian Göttsche
Aug 19, 2022, 1:50:03 PM8/19/22
to
Package: auditd
Version: 1:3.0.7-1
File: /lib/systemd/system/auditd.service
From upstream report: https://github.com/linux-audit/audit-userspace/issues/272
Due to the Debian patch 01-no-refusemanualstop.patch auditd can be
restarted manually.
The systemd service file does not provide an `ExecStop=` directive,
thus (according to systemd.service[1]):
> If this option is not specified, the process is terminated by sending the signal specified in KillSignal= or RestartKillSignal= when service stop is requested.
on service stops (system shutdown, package upgrade, manual restart
(due to configuration change), etc.) systemd sends SIGTERM (see
systemd.kill[2])) to all process in the control group of the unit,
including dispatch plugins like sedispatch.
This can lead to syslog noise like:
Aug 04 12:26:19 dlaptop sedispatch[864]: sedispatch is exiting on
stop request
Aug 04 12:26:19 dlaptop auditd[862]: plugin /usr/sbin/sedispatch
terminated unexpectedly
Aug 04 12:26:19 dlaptop auditd[862]: plugin /usr/sbin/sedispatch
was restarted
Aug 04 12:26:19 dlaptop sedispatch[5277]: sedispatch is exiting on stdin EOF
Maybe consider adding (see [2] for details):
[Service]
KillMode=mixed
[1]: https://www.freedesktop.org/software/systemd/man/systemd.service.html
[2]: https://www.freedesktop.org/software/systemd/man/systemd.kill.html
Version: 1:3.0.7-1
File: /lib/systemd/system/auditd.service
From upstream report: https://github.com/linux-audit/audit-userspace/issues/272
Due to the Debian patch 01-no-refusemanualstop.patch auditd can be
restarted manually.
The systemd service file does not provide an `ExecStop=` directive,
thus (according to systemd.service[1]):
> If this option is not specified, the process is terminated by sending the signal specified in KillSignal= or RestartKillSignal= when service stop is requested.
on service stops (system shutdown, package upgrade, manual restart
(due to configuration change), etc.) systemd sends SIGTERM (see
systemd.kill[2])) to all process in the control group of the unit,
including dispatch plugins like sedispatch.
This can lead to syslog noise like:
Aug 04 12:26:19 dlaptop sedispatch[864]: sedispatch is exiting on
stop request
Aug 04 12:26:19 dlaptop auditd[862]: plugin /usr/sbin/sedispatch
terminated unexpectedly
Aug 04 12:26:19 dlaptop auditd[862]: plugin /usr/sbin/sedispatch
was restarted
Aug 04 12:26:19 dlaptop sedispatch[5277]: sedispatch is exiting on stdin EOF
Maybe consider adding (see [2] for details):
[Service]
KillMode=mixed
[1]: https://www.freedesktop.org/software/systemd/man/systemd.service.html
[2]: https://www.freedesktop.org/software/systemd/man/systemd.kill.html
Laurent Bigonville
Feb 9, 2023, 4:00:04 AM2/9/23
to
On Fri, 19 Aug 2022 19:42:50 +0200 =?UTF-8?Q?Christian_G=C3=B6ttsche?=
<cgz...@googlemail.com> wrote:
> From upstream report:
https://github.com/linux-audit/audit-userspace/issues/272
>
As mentioned in the upstream bug, I think that this should also be set
<cgz...@googlemail.com> wrote:
> From upstream report:
https://github.com/linux-audit/audit-userspace/issues/272
>
upstream as on shutdown/reboot, systemd WILL stop auditd too
I'm not sure that should be applied to debian only
0 new messages