auditd fails at server boot
Issue
- The auditd service does not start when the server is booted, the server is unable to boot till auditd is manually disabled in single user mode. Errors seen are:
Feb 08 15:34:50 server.com auditd[1131]: Unable to set initial audit startup state to 'enable', exiting
Feb 08 15:34:50 server.com systemd[1]: Started Security Auditing Service.
Feb 08 15:34:50 server.com auditd[1131]: The audit daemon is exiting.
Feb 08 15:34:50 server.com systemd[1]: Starting Update UTMP about System Boot/Shutdown...
Feb 08 15:34:50 server.com auditd[1131]: Error setting audit daemon pid (Permission denied)
Feb 08 15:34:50 server.com systemd[1]: auditd.service: main process exited, code=exited, status=1/FAILURE
Feb 08 15:34:50 server.com systemd[1]: Unit auditd.service entered failed state.
Feb 08 15:34:50 server.com systemd[1]: auditd.service failed.
Environment
- Red Hat Enterprise Linux 7.x
- audit-2.6.*
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.