Tracer is restarting auditd with the wrong command

FrostyX / tracer

Tracer finds outdated running applications in your system

GNU General Public License v2.0

82 stars 24 forks source link

Tracer is restarting auditd with the wrong command #192

Closed paulrosberg closed 1 year ago

paulrosberg commented 1 year ago

Using tracer that comes with katello-host-tools-tracer-3.5.7-5.el9.noarch. So I guess the binaries: tracer-common-0.7.8-1.el9.noarch python3-tracer-0.7.8-1.el9.noarch

# tracer --version
0.7.8

Noticed tracer tries to restart auditd with the command “sudo systemctl restart auditd”. However auditd should be restarted with “sudo service auditd restart” according to: https://access.redhat.com/solutions/2664811 Tested this on my EL 7/8/9 hosts and is correct. Can this be fixed?

xsuchy commented 1 year ago

Indeed. See /usr/libexec/initscripts/legacy-actions/auditd/restart

# sudo systemctl restart auditd
Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status auditd.service' for details.

FrostyX commented 1 year ago

Thank you for the feedback @paulrosberg, I pushed a fix in 831fd91