audit-userspace icon indicating copy to clipboard operation
audit-userspace copied to clipboard
verified publisher icon linux-audit

auditd.service: set LogsDirectory and RuntimeDirectory, remove tmpfiles dependency

Open LordGrimmauld opened this issue 4 months ago • 3 comments

setting LogsDirectory and RuntimeDirectory ensures systemd will create these directories ahead of starting the auditd service. It also ensures the auditd service has write permissions, even if someone might add additional hardening options to the systemd service in the future. As a result, there is just no more need for the tmpfiles rules.

LordGrimmauld avatar Sep 11 '25 11:09 LordGrimmauld

We might also want to set LogsDirectoryMode / RuntimeDirectoryMode now that i think about this... The tmpfiles rules had 0700 for log dir. I am thinking the runtime dir should probably be 755 or 644.

LordGrimmauld avatar Sep 15 '25 21:09 LordGrimmauld

We might also want to set LogsDirectoryMode / RuntimeDirectoryMode

Done. I copied directory permission bits from the systemd tmpfiles config for the log directory, and make_audit_run_dir() for the runtime directory.

LordGrimmauld avatar Sep 16 '25 16:09 LordGrimmauld

We're taking a break from the audit project. We'll look at this when we're back.

stevegrubb avatar Oct 19 '25 15:10 stevegrubb