auditd fails to start when rules and conf file are symbolic links
Boyce, Kevin P. (Melbourne, FL)
Kevin.Boyce at ngc.com
Mon Nov 13 15:05:59 UTC 2006
Have you tried making hard links to the files just to see if that works?
Kevin Boyce
Northrop Grumman Corp.
2000 W. Nasa Blvd. D01/222
Melbourne, Fl. 32902
kevin.boyce at ngc.com
-----Original Message-----
From: linux-audit-bounces at redhat.com
[mailto:linux-audit-bounces at redhat.com] On Behalf Of Smith, Steven G
(Steven)
Sent: Tuesday, November 07, 2006 11:23 AM
To: linux-audit at redhat.com
Subject: auditd fails to start when rules and conf file are symbolic
links
Hey everyone,
I'm seeing some strange behavior when attempting to start the auditd
daemon. When I make the /etc/audit.rules and /etc/auditd.conf files
symbolic links, the service fails saying that it cannot open
/etc/audit.rules because of too many levels of symbolic links:
[root at bling etc]# ll /etc/audit*
lrwxrwxrwx 1 root root 25 Nov 7 08:22 /etc/auditd.conf ->
/diskroot/etc/auditd.conf lrwxrwxrwx 1 root root 25 Nov 7 08:22
/etc/audit.rules -> /diskroot/etc/audit.rules [root at bling etc]# service
auditd start Starting auditd:
Error opening /etc/audit.rules (Too many levels of symbolic links)
[root at acidsnowflake etc]#
Note that there is nothing special about this particular diskroot
directory (i.e. there are no other symbolic links involved). If I
remove the symbolic links, the service works fine. The problem is that
I need to have the links there for various reasons. Is this a bug in
auditd, or did I do something stupid?
One last note, if I vi the file via the symbolic link, it works fine,
which leads me to believe that this is more likely something wrong in
the startup sequence or auditd itself (although I couldn't see any
issues that stood out to me).
Thanks,
Steve
--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list