Austin
November 10, 2022, 2:11pm
1
I needed auditd for some apparmor stuff:
https://wiki.archlinux.org/title/AppArmor#Auditing_and_generating_profiles
opened 03:14AM - 31 Oct 22 UTC
Hey there @krathalan,
I am having issues running firefox; it gives a white wind… ow on running firefox.
Is there a way I can exclude some profiles whenever there is a rebuild of your aur package?
Like I would like not to have restrictions for evince.
Thank you
But it is failing to start
sudo systemctl status auditd.service
× auditd.service - Security Auditing Service
Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Thu 2022-11-10 19:37:08 IST; 6s ago
Docs: man:auditd(8)
https://github.com/linux-audit/audit-documentation
Process: 28420 ExecStart=/sbin/auditd (code=exited, status=6)
CPU: 8ms
Nov 10 19:37:08 austin-swiftsf31443 systemd[1]: auditd.service: Scheduled restart job, restart counter is at 5.
Nov 10 19:37:08 austin-swiftsf31443 systemd[1]: Stopped Security Auditing Service.
Nov 10 19:37:08 austin-swiftsf31443 systemd[1]: auditd.service: Start request repeated too quickly.
Nov 10 19:37:08 austin-swiftsf31443 systemd[1]: auditd.service: Failed with result 'exit-code'.
Nov 10 19:37:08 austin-swiftsf31443 systemd[1]: Failed to start Security Auditing Service.
filo
November 10, 2022, 2:21pm
2
https://wiki.archlinux.org/title/Audit_framework
In-kernel audit support is available in linux (since 4.18), linux-lts (since 4.19), linux-zen (since 4.18) and linux-hardened. For custom kernels CONFIG_AUDIT should be enabled.
…
Audit can be enabled at boot-time by setting audit=1 as kernel parameter. This will ensure that all processes that run before the audit daemon starts are marked as auditable by the kernel. Not doing that will make a few processes impossible to properly audit. See auditd(8).
For userspace support install audit and start/enable auditd.service.
Could this be the problem?
We don’t have your garuda-inxi but in the profile I see
Kernel: linux-cachyos
2 Likes
Austin
November 10, 2022, 2:56pm
3
austin ~ 20:26 garuda-inxi
System:
Kernel: 6.0.7-2-cachyos arch: x86_64 bits: 64 compiler: gcc v: 12.2.0
parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-cachyos
root=UUID=974f3ce6-ba35-41c5-a737-23cb1e2b873f rw rootflags=subvol=@
lsm=landlock,lockdown,yama,integrity,apparmor,bpf quiet splash
mitigations=off rd.udev.log_priority=3 vt.global_cursor_default=0
loglevel=3 amd_pstate.epp=1 audit=1
Desktop: GNOME v: 43.1 tk: GTK v: 3.24.34 wm: gnome-shell dm: GDM v: 43.0
Distro: Garuda Linux base: Arch Linux
Machine:
Type: Laptop System: Acer product: Swift SF314-43 v: V1.04
serial: <superuser required>
Mobo: LN model: Sake_CA v: V1.04 serial: <superuser required> UEFI: Insyde
v: 1.04 date: 07/28/2021
Battery:
ID-1: BAT1 charge: 44.9 Wh (94.1%) condition: 47.7/53.2 Wh (89.5%)
volts: 12.5 min: 11.6 model: COSMX AP20CBL type: Li-ion serial: <filter>
status: discharging
CPU:
Info: model: AMD Ryzen 5 5500U with Radeon Graphics bits: 64 type: MT MCP
arch: Zen 2 gen: 3 level: v3 note: check built: 2020-22
process: TSMC n7 (7nm) family: 0x17 (23) model-id: 0x68 (104) stepping: 1
microcode: 0x8608102
Topology: cpus: 1x cores: 6 tpc: 2 threads: 12 smt: enabled cache:
L1: 384 KiB desc: d-6x32 KiB; i-6x32 KiB L2: 3 MiB desc: 6x512 KiB L3: 8 MiB
desc: 2x4 MiB
Speed (MHz): avg: 817 high: 2071 min/max: 400/4056 scaling:
driver: amd_pstate_epp governor: performance cores: 1: 2071 2: 2071 3: 400
4: 400 5: 400 6: 400 7: 400 8: 400 9: 400 10: 400 11: 400 12: 2071
bogomips: 50353
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm
Vulnerabilities:
Type: itlb_multihit status: Not affected
Type: l1tf status: Not affected
Type: mds status: Not affected
Type: meltdown status: Not affected
Type: mmio_stale_data status: Not affected
Type: retbleed status: Vulnerable
Type: spec_store_bypass status: Vulnerable
Type: spectre_v1 status: Vulnerable: __user pointer sanitization and
usercopy barriers only; no swapgs barriers
Type: spectre_v2 status: Vulnerable, IBPB: disabled, STIBP: disabled,
PBRSB-eIBRS: Not affected
Type: srbds status: Not affected
Type: tsx_async_abort status: Not affected
Graphics:
Device-1: AMD Lucienne vendor: Acer Incorporated ALI driver: amdgpu
v: kernel arch: GCN-5.1 code: Vega-2 process: TSMC n7 (7nm) built: 2018-21
pcie: gen: 3 speed: 8 GT/s lanes: 16 link-max: gen: 4 speed: 16 GT/s
ports: active: eDP-1 empty: DP-1,HDMI-A-1 bus-ID: 03:00.0
chip-ID: 1002:164c class-ID: 0300 temp: 41.0 C
Device-2: Quanta HD User Facing type: USB driver: uvcvideo bus-ID: 1-3:2
chip-ID: 0408:a094 class-ID: 0e02
Display: wayland server: X.org v: 1.21.1.4 with: Xwayland v: 22.1.5
compositor: gnome-shell driver: X: loaded: modesetting alternate: fbdev,vesa
dri: radeonsi gpu: amdgpu display-ID: 0
Monitor-1: eDP-1 model: AU Optronics 0x683d built: 2019 res: 1920x1080
dpi: 158 gamma: 1.2 size: 309x174mm (12.17x6.85") diag: 355mm (14")
ratio: 16:9 modes: max: 1920x1080 min: 640x480
API: OpenGL v: 4.6 Mesa 22.2.3 renderer: AMD Radeon Graphics (renoir LLVM
14.0.6 DRM 3.48 6.0.7-2-cachyos) direct render: Yes
Audio:
Device-1: AMD Renoir Radeon High Definition Audio
vendor: Acer Incorporated ALI driver: snd_hda_intel v: kernel pcie: gen: 3
speed: 8 GT/s lanes: 16 link-max: gen: 4 speed: 16 GT/s bus-ID: 03:00.1
chip-ID: 1002:1637 class-ID: 0403
Device-2: AMD ACP/ACP3X/ACP6x Audio Coprocessor
vendor: Acer Incorporated ALI driver: snd_rn_pci_acp3x v: kernel
alternate: snd_pci_acp3x,snd_pci_acp5x,snd_pci_acp6x,snd_acp_pci,snd_rpl_pci_acp6x,snd_sof_amd_renoir
pcie: gen: 3 speed: 8 GT/s lanes: 16 link-max: gen: 4 speed: 16 GT/s
bus-ID: 03:00.5 chip-ID: 1022:15e2 class-ID: 0480
Device-3: AMD Family 17h/19h HD Audio vendor: Acer Incorporated ALI
driver: snd_hda_intel v: kernel pcie: gen: 3 speed: 8 GT/s lanes: 16
link-max: gen: 4 speed: 16 GT/s bus-ID: 03:00.6 chip-ID: 1022:15e3
class-ID: 0403
Sound API: ALSA v: k6.0.7-2-cachyos running: yes
Sound Server-1: PulseAudio v: 16.1 running: no
Sound Server-2: PipeWire v: 0.3.59 running: yes
Network:
Device-1: MEDIATEK MT7921 802.11ax PCI Express Wireless Network Adapter
vendor: Lite-On driver: mt7921e v: kernel pcie: gen: 2 speed: 5 GT/s
lanes: 1 bus-ID: 01:00.0 chip-ID: 14c3:7961 class-ID: 0280
IF: wlp1s0 state: up mac: <filter>
Bluetooth:
Device-1: Lite-On Wireless_Device type: USB driver: btusb v: 0.8
bus-ID: 1-4:3 chip-ID: 04ca:3802 class-ID: e001 serial: <filter>
Report: bt-adapter ID: hci0 rfk-id: 0 state: down
bt-service: enabled,running rfk-block: hardware: no software: yes
address: <filter>
Drives:
Local Storage: total: 476.94 GiB used: 43.38 GiB (9.1%)
SMART Message: Required tool smartctl not installed. Check --recommends
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Kingston model: OM8PDP3512B-AA1
size: 476.94 GiB block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s
lanes: 4 type: SSD serial: <filter> rev: EDFK0S03 temp: 53.9 C scheme: GPT
Partition:
ID-1: / raw-size: 64.41 GiB size: 64.41 GiB (100.00%)
used: 16.26 GiB (25.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
ID-2: /boot/efi raw-size: 600 MiB size: 598.8 MiB (99.80%)
used: 308 KiB (0.1%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
ID-3: /home raw-size: 64 GiB size: 64 GiB (100.00%) used: 1.03 GiB (1.6%)
fs: btrfs dev: /dev/nvme0n1p3 maj-min: 259:3
ID-4: /var/log raw-size: 64.41 GiB size: 64.41 GiB (100.00%)
used: 16.26 GiB (25.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
ID-5: /var/tmp raw-size: 64.41 GiB size: 64.41 GiB (100.00%)
used: 16.26 GiB (25.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
ID-1: swap-1 type: zram size: 7.12 GiB used: 0 KiB (0.0%) priority: 100
dev: /dev/zram0
Sensors:
System Temperatures: cpu: 50.5 C mobo: N/A gpu: amdgpu temp: 41.0 C
Fan Speeds (RPM): N/A
Info:
Processes: 403 Uptime: 0m wakeups: 93 Memory: 7.12 GiB
used: 2.61 GiB (36.7%) Init: systemd v: 251 default: graphical
tool: systemctl Compilers: gcc: 12.2.0 Packages: 1411 pm: pacman pkgs: 1381
libs: 359 tools: gnome-software,pamac,paru,yay pm: flatpak pkgs: 30
Shell: Zsh v: 5.9 running-in: gnome-terminal inxi: 3.3.23
Garuda (2.6.9-1):
System install date: 2022-11-10
Last full system update: 2022-11-10
Is partially upgraded: No
Relevant software: NetworkManager
Windows dual boot: No/Undetected
Snapshots: Snapper
Failed units: auditd.service
filo
November 10, 2022, 3:14pm
6
Check also in the journal.
The requests repeated too quickly are probably only due to something failing.
You could start with
journalctl -u auditd
Then "expand" if needed.
5 Likes
Austin
November 10, 2022, 3:37pm
7
journalctl -u auditd.service
systemd[1]: Starting Security Auditing Service...
auditd[857]: Could not open dir /var/log/audit (No such file or directory)
auditd[857]: The audit daemon is exiting.
systemd[1]: auditd.service: Control process exited, code=exited, status=6/NOTCONFIGURED
systemd[1]: auditd.service: Failed with result 'exit-code'.
systemd[1]: Failed to start Security Auditing Service.
systemd[1]: auditd.service: Scheduled restart job, restart counter is at 1.
systemd[1]: Stopped Security Auditing Service.
sudo mkdir /var/log/audit
sudo systemctl start auditd.service
sudo systemctl status auditd.service
● auditd.service - Security Auditing Service
Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; preset: disabled)
Active: active (running) since Thu 2022-11-10 21:05:13 IST; 1s ago
Docs: man:auditd(8)
https://github.com/linux-audit/audit-documentation
Process: 16097 ExecStart=/sbin/auditd (code=exited, status=0/SUCCESS)
Process: 16101 ExecStartPost=/sbin/augenrules --load (code=exited, status=1/FAILURE)
Main PID: 16098 (auditd)
Tasks: 2 (limit: 8690)
Memory: 2.7M
CPU: 28ms
CGroup: /system.slice/auditd.service
└─16098 /sbin/auditd
Nov 10 21:05:13 austin-swiftsf31443 systemd[1]: Starting Security Auditing Service...
Nov 10 21:05:13 austin-swiftsf31443 auditd[16098]: No plugins found, not dispatching events
Nov 10 21:05:13 austin-swiftsf31443 auditd[16098]: Init complete, auditd 3.0.8 listening for events (startup state enable)
Nov 10 21:05:13 austin-swiftsf31443 augenrules[16101]: /sbin/augenrules: No rules directory - /etc/audit/rules.d
Nov 10 21:05:13 austin-swiftsf31443 systemd[1]: Started Security Auditing Service.
Thanks, @filo, for your time and a quick solution!
1 Like
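A preflight for the two failures this thread hit (missing /var/log/audit, then missing /etc/audit/rules.d) plus the audit=1 parameter from the quoted wiki text, as an added example that is not part of any post above. The ROOT prefix, the function names and the 700/750 mode policy are assumptions of this example, and the sample tree is constructed.

```bash
# audit_preflight ROOT: print one finding per line, return the number of findings.
# ROOT is a hypothetical path prefix so the check can run on a test tree;
# pass "" to inspect the live system.
audit_preflight() {
    local root="${1:-}" problems=0 mode
    local logdir="$root/var/log/audit" rulesdir="$root/etc/audit/rules.d"

    # auditd exits (status=6 in the thread) when its log directory is missing.
    if [ ! -d "$logdir" ]; then
        echo "MISSING $logdir"; problems=$((problems + 1))
    else
        # A bare mkdir under the usual umask gives 0755, which lets any local
        # user list the directory; 700/750 is this example's assumed policy.
        mode=$(stat -c '%a' "$logdir")
        case "$mode" in
            700|750) ;;
            *) echo "PERMS $logdir is $mode"; problems=$((problems + 1)) ;;
        esac
    fi

    # augenrules --load fails (status=1 in the thread) without a rules directory.
    if [ ! -d "$rulesdir" ]; then
        echo "MISSING $rulesdir"; problems=$((problems + 1))
    fi

    # Without audit=1, processes started before auditd are not auditable.
    if ! tr ' ' '\n' < "$root/proc/cmdline" | grep -qx 'audit=1'; then
        echo "CMDLINE audit=1 not set"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed tree reproducing the thread's first failure: audit=1 is set,
# but neither /var/log/audit nor /etc/audit/rules.d exists.
make_thread_tree() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/proc" "$t/etc/audit" "$t/var/log"
    echo 'quiet splash loglevel=3 audit=1' > "$t/proc/cmdline"
    echo "$t"
}

tree=$(make_thread_tree)
audit_preflight "$tree" || echo "$? finding(s)"
rm -rf "$tree"
```

Run against the live system with `audit_preflight ""`; a directory created with a plain `mkdir` shows up as a PERMS finding until its mode is tightened.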