Bug#1038993: audit enabled despite nothing requesting it
Luca Boccassi
bluca at debian.org
Mon Jun 26 12:51:18 BST 2023
On Sat, 24 Jun 2023 00:38:16 -0700 Josh Triplett
<josh at joshtriplett.org> wrote:
> Package: systemd
> Version: 253-3
> Severity: normal
> X-Debbugs-Cc: josh at joshtriplett.org
>
> The NEWS.Debian for the latest version of systemd mentions no longer
> disabling audit, and relying on the audit socket being disabled by
> default. However, despite that, upgrading systemd seems to have enabled
> the audit socket unit:
>
> ~$ systemctl | grep audit
> systemd-journald-audit.socket loaded active running Journal Audit Socket
>
> And there are a pile of audit messages in dmesg and the journal,
> drowning out other messages.
>
> I checked, and no units have Audit=yes, nor does anything appear to
> depend on systemd-journald-audit.socket, nor is
> systemd-journald-audit.socket included in sockets.target.wants.
Turns out we overlooked one thing - systemd-journald.service lists the
audit socket under Sockets=, but that adds an implicit Wants, so
effectively it is always activated automatically.
--
Kind regards,
Luca Boccassi
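
The check the reply implies, as an added example that is not part of the original message or of the systemd packaging: it lists sockets that a service names under Sockets= but that have no entry in sockets.target.wants, so they start only through the implicit Wants. The function names and the sample unit tree are constructed for illustration.

```bash
# implicit_socket_wants DIR
# For every DIR/*.service, print "<service> <socket>" for each unit listed
# under Sockets= that has no entry in DIR/sockets.target.wants/. Per the
# reply above, Sockets= adds an implicit Wants=, so these sockets are
# activated with the service even though nothing enables them explicitly.
implicit_socket_wants() {
    local dir=$1 svc line sock
    for svc in "$dir"/*.service; do
        [ -f "$svc" ] || continue
        while IFS= read -r line; do
            case $line in
                Sockets=*) ;;
                *) continue ;;
            esac
            # Sockets= takes a space-separated list of unit names.
            for sock in ${line#Sockets=}; do
                [ -e "$dir/sockets.target.wants/$sock" ] && continue
                printf '%s %s\n' "$(basename "$svc")" "$sock"
            done
        done < "$svc"
    done
}

# make_sample: build a constructed unit tree (not the real Debian files)
# in a temporary directory and print its path.
make_sample() {
    local dir
    dir=$(mktemp -d)
    mkdir "$dir/sockets.target.wants"
    cat > "$dir/systemd-journald.service" <<'EOF'
[Unit]
Description=Journal Service (constructed sample)
[Service]
Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
ExecStart=/bin/true
EOF
    # Only two of the three sockets are enabled through sockets.target.wants.
    : > "$dir/sockets.target.wants/systemd-journald.socket"
    : > "$dir/sockets.target.wants/systemd-journald-dev-log.socket"
    printf '%s\n' "$dir"
}
```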
More information about the Pkg-systemd-maintainers mailing list