search

chef-cookbooks / auditd

Install and configure user mode auditd tools
Apache License 2.0
34 stars 39 forks source link

CentOS 7.5, package audit >= 2.8.4, action reload does not exist in init-script #55

Closed isuftin closed 4 years ago

isuftin commented 5 years ago

It seems like the audit package version >= 2.8.4 for CentOS 7.x no longer supports the "reload". Using this cookbook, the service may not be installed. The error is shown below.

Also see: https://bugzilla.redhat.com/show_bug.cgi?id=1647521

       Recipe: auditd::default                                                                                                                                                                   [33/1477]
         * service[auditd] action reload

           ================================================================================
           Error executing action `reload` on resource 'service[auditd]'
           ================================================================================

           Mixlib::ShellOut::ShellCommandFailed
           ------------------------------------
           Expected process to exit with [0], but received '3'
           ---- Begin output of /bin/systemctl --system reload auditd ----
           STDOUT:
           STDERR: Failed to reload auditd.service: Job type reload is not applicable for unit auditd.service.
           See system logs and 'systemctl status auditd.service' for details.
           ---- End output of /bin/systemctl --system reload auditd ----
           Ran /bin/systemctl --system reload auditd returned 3

           Resource Declaration:                                                                                                                                                                                     ---------------------
           # In /tmp/kitchen/cache/cookbooks/auditd/recipes/default.rb

            24: service 'auditd' do
            25:   restart_command '/usr/libexec/initscripts/legacy-actions/auditd/restart' if platform_family?('rhel') && node['init_package'] == 'systemd'
            26:   supports [:start, :stop, :restart, :reload, :status]
            27:   action :enable
            28: end

           Compiled Resource:
           ------------------
           # Declared in /tmp/kitchen/cache/cookbooks/auditd/recipes/default.rb:24:in `from_file'

           service("auditd") do
             action [:enable]
             default_guard_interpreter :default
             service_name "auditd"
             enabled true
             running true
             masked false
             pattern "auditd"
             restart_command "/usr/libexec/initscripts/legacy-actions/auditd/restart"
             declared_type :service
             cookbook_name "auditd"
             recipe_name "default"
             supports {:start=>true, :stop=>true, :restart=>true, :reload=>true, :status=>true}
           end

           System Info:
           ------------
           chef_version=14.7.17
           platform=centos
           platform_version=7.5.1804
           ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
           program_name=/opt/chef/bin/chef-client
           executable=/opt/chef/bin/chef-client
isuftin commented 4 years ago

Tested v2.3.4, seems to be working

isuftin commented 4 years ago

Nope. I was wrong. Still broken on v2.3.4

tas50 commented 4 years ago

This is fixed in the 2.4.0 release on supermarket now.