auditd service is re-enabled when audit package is updated
Issue
- In the environment where the user stops and disables the
auditd.service
and theauditd
package gets updated later withinyum update
procedure, the service gets re-enabled and started again. This seems to be triggered by the code which the package runs:
> %postun
> if [ $1 -ge 1 ]; then
> /sbin/service auditd condrestart > /dev/null 2>&1 || :
> fi
Environment
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.