linux-audit / audit-userspace

Linux audit userspace repository
GNU General Public License v2.0

Systemd unit should recommend drop-in files instead of copying and modifying unit #356

Closed septatrix closed 4 months ago

septatrix commented 4 months ago

The systemd unit file shipped by this project recommends copying the whole unit only to adjust some ordering properties when using remote logging. This is discouraged as updates of the original file by the distribution are no longer reflected. Instead, it should recommend creating a drop-in file using systemctl edit or manually by creating the file under /etc/systemd/system/auditd.service.d/adjust-ordering-for-remote-logging.conf.

Cropi commented 4 months ago

In the spec file, I would suggest using the %{_unitdir}/auditd.service.d directory, which would expand to /usr/lib/systemd/system/auditd.service.d.

septatrix commented 4 months ago

I would recommend against that, as /usr is supposed to control the default data from the packages/distribution while sysadmins should apply configuration to /etc. In some systems /usr is even read-only for security and robustness. For the same reason, systemctl edit also puts drop-ins under /etc.

Cropi commented 4 months ago

Sorry, poor choice of words on my side. You are right that modifications to the service file done by sysadmins should be applied to configurations in /etc.

I just wanted to note that there is the audit.spec file (https://github.com/linux-audit/audit-userspace/blob/master/audit.spec#L221) that can be used to build the RPMs. There, we should use /usr.

stevegrubb commented 4 months ago

I would hope that people understand the hints and do the right thing. Just in case, I updated the comments to explain to override only the necessary lines and consult systemd documentation if unsure.

stevegrubb commented 4 months ago

Not hearing any objections or change requests for the latest text added to the service file. I assume it is now fixed. Closing this issue. Feel free to re-open if there's more to discuss.