Package: auditd
Version: 1.5.3-1
Severity: critical
File: /etc/init.d/auditd
Justification: breaks the whole system

/etc/init.d/auditd contains this code:

        # Remove watches so shutdown works cleanly
        case "$AUDITD_CLEAN_STOP" in
               no|NO) /sbin/auditctl -D >/dev/null ;;
        esac

the description of AUDITD_CLEAN_STOP in /etc/default/auditd suggests
that setting this to "yes" _will_ delete rules.  however, the actual
behaviour is reversed; it must be set to "no" to delete rules.  the
default value is "yes".

the problem with this is that on a busy system, many things are still
happening while shutdown is running.  when auditd is stopped, the system
starts logging audit messages to the console; on a serial console, this
may be slow (say, 9600bps).  in the case i just saw, the system took two
hours (!) to shut down after the shutdown command was given, because of
the delay caused by audit logging on the console.

the init script should be fixed so that "yes" deletes audit rules.  the
default should remain at "yes" to avoid breaking shutdown.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.21.4-hemlock11-twincest (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages auditd depends on:
ii  libc6                         2.5-9      GNU C Library: Shared libraries
ii  lsb-base                      3.1-23.1   Linux Standard Base 3.1 init scrip

auditd recommends no packages.

-- no debconf information
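
The reversed check described in this report, next to the behaviour it asks for, as an added example that is not part of the original report or of the auditd package. The function names and the `AUDITCTL` stub are assumptions; the stub only echoes the command so no real audit rules are touched.

```shell
#!/bin/sh
# Dry-run comparison of the stop-time logic for AUDITD_CLEAN_STOP.
# AUDITCTL is a stub (assumption): it echoes instead of calling /sbin/auditctl.
AUDITCTL=echo_auditctl
echo_auditctl() { echo "auditctl $*"; }

# Logic as quoted in the report from /etc/init.d/auditd 1.5.3-1:
# rules are deleted only when the variable is "no".
stop_as_shipped() {
    case "$1" in
        no|NO) $AUDITCTL -D ;;
    esac
}

# Logic the report asks for: "yes" (the default) deletes the rules,
# so the kernel stops emitting audit records once auditd is gone.
stop_as_requested() {
    case "$1" in
        yes|YES) $AUDITCTL -D ;;
    esac
}

# decision VARIANT VALUE -> prints "flush" if VARIANT would run auditctl -D
# for that setting, "keep" otherwise.
decision() {
    out=$("$1" "$2")
    if [ -n "$out" ]; then echo flush; else echo keep; fi
}

# Print the matrix for both settings.
for v in yes no; do
    printf 'AUDITD_CLEAN_STOP=%s shipped=%s requested=%s\n' \
        "$v" "$(decision stop_as_shipped "$v")" "$(decision stop_as_requested "$v")"
done
```

With the default of "yes", the shipped logic prints `keep`, which is the case that leaves audit rules active during shutdown.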

