Fixing the systemctl restart problem for the Linux audit service auditd

Reference: https://www.linuxidc.com/Linux/2017-06/145316.htm

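On RHEL 7 and CentOS 7, services are managed by systemd by default and are started and stopped with the systemctl command. Not every service can be fully controlled through systemctl, however, and auditd, the subject of this post, is one of them.
After editing audit.rules to add rules, the service has to be restarted for them to take effect, but running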
systemctl restart auditd

fails with the following error:

# systemctl restart auditd
Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status auditd.service' for details.

A quick search online says to use service auditd restart instead:

 

# service auditd restart
Stopping logging:                                          [FAILED]
Redirecting start to /bin/systemctl start auditd.service
Job for auditd.service failed because the control process exited with error code. See "systemctl status auditd.service" and "journalctl -xe" for details.
[root@openstack-rdo ~]# journalctl -xe
Aug 09 16:57:49 openstack-rdo systemd[1]: Failed to start Zabbix Agent.
-- Subject: Unit zabbix-agent.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit zabbix-agent.service has failed.
--
-- The result is failed.
Aug 09 16:57:49 openstack-rdo systemd[1]: Unit zabbix-agent.service entered failed state.
Aug 09 16:57:49 openstack-rdo systemd[1]: zabbix-agent.service failed.
Aug 09 16:57:51 openstack-rdo yum[109281]: Erased: zabbix-release-3.4-2.el7.noarch
Aug 09 16:57:51 openstack-rdo systemd[1]: Stopped Zabbix Agent.
-- Subject: Unit zabbix-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit zabbix-agent.service has finished shutting down.
Aug 09 16:57:51 openstack-rdo yum[109281]: Erased: zabbix-agent-3.4.15-1.el7.x86_64
Aug 09 16:57:51 openstack-rdo systemd[1]: Reloading.
Aug 09 16:57:51 openstack-rdo systemd[1]: Binding to IPv6 address not available since kernel does not
Aug 09 16:57:51 openstack-rdo systemd[1]: Binding to IPv6 address not available since kernel does not
Aug 09 16:57:58 openstack-rdo polkitd[1950]: Registered Authentication Agent for unix-process:109397:
Aug 09 16:57:58 openstack-rdo systemd[1]: Starting Security Auditing Service...
-- Subject: Unit auditd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit auditd.service has begun starting up.
Aug 09 16:57:58 openstack-rdo auditd[109403]: Could not open dir /var/log/audit (No such file or dire
Aug 09 16:57:58 openstack-rdo auditd[109403]: The audit daemon is exiting.
Aug 09 16:57:58 openstack-rdo systemd[1]: auditd.service: control process exited, code=exited status=
Aug 09 16:57:58 openstack-rdo systemd[1]: Failed to start Security Auditing Service.
-- Subject: Unit auditd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit auditd.service has failed.
--
-- The result is failed.
Aug 09 16:57:58 openstack-rdo systemd[1]: Unit auditd.service entered failed state.
Aug 09 16:57:58 openstack-rdo systemd[1]: auditd.service failed.
Aug 09 16:57:58 openstack-rdo polkitd[1950]: Unregistered Authentication Agent for unix-process:10939
Aug 09 16:58:04 openstack-rdo dhclient[22642]: DHCPREQUEST on eth1 to 172.25.0.250 port 67 (xid=0x198


It still fails: auditd reports that it cannot open the directory /var/log/audit.


Create the directory, set its permissions, and restart the service:

# mkdir /var/log/audit
# chmod 755 /var/log/audit/
# service auditd restart
Stopping logging:                                          [FAILED]

Redirecting start to /bin/systemctl start auditd.service

OK, problem solved.
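
A pre-flight check for the failure shown above, as an added example that is not part of the original post: it reads the log_file setting from auditd.conf, confirms the directory exists, and flags a mode more open than 0750. The function name, return codes and the 0750 threshold are assumptions of this example (a common hardening baseline, not something the post states); it relies on GNU stat and mktemp.

```shell
#!/bin/sh
# Added example: pre-flight check for the directory auditd logs into.
# Returns 0 = OK, 1 = no usable log_file setting, 2 = directory missing,
# 3 = directory mode more open than the assumed 0750 baseline.
check_audit_log_dir() {
    conf=${1:-/etc/audit/auditd.conf}
    # log_file is the auditd.conf key naming the audit log file
    log_file=$(sed -n 's/^[[:space:]]*log_file[[:space:]]*=[[:space:]]*//p' "$conf" 2>/dev/null |
        sed 's/[[:space:]]*$//' | head -n 1)
    [ -n "$log_file" ] || { echo "no log_file setting in $conf"; return 1; }
    dir=$(dirname "$log_file")
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir (auditd exits with 'Could not open dir')"
        return 2
    fi
    mode=$(stat -c %a "$dir")    # GNU stat: octal mode, e.g. 755
    # Assumed baseline: no group write and no access for "other"
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "TOO OPEN: $dir is mode $mode, expected 0750 or stricter"
        return 3
    fi
    echo "OK: $dir mode $mode owner $(stat -c %U:%G "$dir")"
    return 0
}

# Constructed demo: replay the post's sequence in a scratch directory.
demo() {
    tmp=$(mktemp -d)
    printf 'log_file = %s/audit/audit.log\n' "$tmp" > "$tmp/auditd.conf"
    check_audit_log_dir "$tmp/auditd.conf" || true   # directory missing
    mkdir "$tmp/audit" && chmod 755 "$tmp/audit"
    check_audit_log_dir "$tmp/auditd.conf" || true   # mode used in the post: flagged
    chmod 750 "$tmp/audit"
    check_audit_log_dir "$tmp/auditd.conf"           # passes
    rm -rf "$tmp"
}
demo
```

On a real host, call check_audit_log_dir with no argument before restarting the service; it defaults to /etc/audit/auditd.conf.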
