Removing Audit-libs, Python3-audit
Steve Grubb
sgrubb at redhat.com
Wed Feb 23 19:35:03 UTC 2022
Hello,
On Wednesday, February 23, 2022 1:32:31 PM EST Roger Moore wrote:
> Can you let me know how to remove all audit code, including audit-libs
> and python3-audit, and stop them from being updated by DNF update.
>
> DNF keeps reinstalling the python3 code (audit-libs python3-audit).
>
> I have exclude=audit-libs,python3-audit in /etc/yum.conf
>
> But, it keeps on reinstalling.
rpmreaper is a good tool to check dependencies. On my system is shows these
packages pull it in:
5.4M ┌─< python3-policycoreutils 3.3-1.fc35.noarch
o 1.3M ├─< setroubleshoot-server 3.3.28-3.fc35.x86_64
336K python3-audit 3.0.8-1.fc35.x86_64
audit-libs is likely impossible to remove. Pam and shadow-utils link against
it. Unfortunately, systemd turns auditing on. But if you boot with the kernel
audit=0 option and disable the systemd-journald-audit.socket, you should not
get any audit events.
Hope this helps...
-Steve
More information about the Linux-audit
mailing list