启动审计守护程序时出错
Posted
技术标签:
【中文标题】启动审计守护程序时出错【英文标题】:Error while starting the audit daemon 【发布时间】:2018-11-20 16:06:45 【问题描述】:我已经安装了审计守护进程。现在我试图启动它。这个错误不断出现。
Job for auditd.service failed because the control process exited with error code. See "systemctl status auditd.service" and "journalctl -xe" for details.
这是什么错误?我怎样才能摆脱它?
现在我也重新安装了软件包,但仍然有同样的错误。请帮帮我。
安装包时,出现新错误:
Errors were encountered while processing:
auditd
E: Sub-process /usr/bin/dpkg returned an error code (1)
这是什么错误?
【问题讨论】:
您是否按照错误信息中的说明进行操作? 我运行了systemctl status auditd.service 并得到了这个● auditd.service - Security Auditing Service Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: e Active: failed (Result: exit-code) since Mon 2018-06-11 17:47:21 IST; 21s ago Process: 9793 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exi Process: 9791 ExecStart=/sbin/auditd -n (code=exited, status=6) Main PID: 9791 (code=exited, status=6) lines 1-6/6 (END)
当我运行 journalctl -xe 时,我得到了这个 Hint: You are currently not seeing messages from other users and the system. Users in the 'systemd-journal' group can see all messages. Pass -q to turn off this notice. No journal files were opened due to insufficient permissions.
嗨,如果有更多输出,您可以尝试systemctl status auditd.service -l 显示完整日志
这就是我得到的@Jaay auditd.service - Security Auditing Service Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: e Active: failed (Result: exit-code) since Mon 2018-06-11 18:29:11 IST; 2min 6s Process: 17742 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=ex Process: 17739 ExecStart=/sbin/auditd -n (code=exited, status=6) Main PID: 17739 (code=exited, status=6)
【参考方案1】:
运行
ls -RZa /var/log/audit
restorecon -vr /var/log/audit
ls -RZa /var/log/audit -- 现在比较差异
service auditd start -- 启动审计服务
【讨论】:
以上是关于启动审计守护程序时出错的主要内容,如果未能解决你的问题,请参考以下文章