如何在 CentOS Linux 版本 8.2.2004 中启动 auditd?

如何在 CentOS Linux 版本 8.2.2004 中启动 auditd?

sudo yum reinstall audit在运行 CentOS Linux 版本 8.2.2004 的服务器上进行了此操作。

我尝试了一下systemctl start auditd,但失败了。运行时journalctl -xe我收到以下输出:

-- Unit auditd.service has begun starting up.
Sep 15 20:19:02 my_app auditd[158318]: No plugins found, not dispatching events
Sep 15 20:19:02 my_app auditd[158318]: Error setting audit daemon pid (File exists)
Sep 15 20:19:02 my_app auditd[158318]: Unable to set audit pid, exiting
Sep 15 20:19:02 my_app auditd[158318]: The audit daemon is exiting.
Sep 15 20:19:02 my_app auditd[158318]: Error setting audit daemon pid (Permission denied)
Sep 15 20:19:02 my_app systemd[1]: auditd.service: Main process exited, code=exited, status=1/FAILURE
Sep 15 20:19:02 my_app augenrules[158319]: /sbin/augenrules: No change
Sep 15 20:19:02 my_app augenrules[158319]: No rules
Sep 15 20:19:02 my_app augenrules[158319]: enabled 1
Sep 15 20:19:02 my_app augenrules[158319]: failure 1
Sep 15 20:19:02 my_app augenrules[158319]: pid 2094
Sep 15 20:19:02 my_app augenrules[158319]: rate_limit 0
Sep 15 20:19:02 my_app augenrules[158319]: backlog_limit 8192
Sep 15 20:19:02 my_app augenrules[158319]: lost 0
Sep 15 20:19:02 my_app augenrules[158319]: backlog 0
Sep 15 20:19:02 my_app augenrules[158319]: backlog_wait_time 60000
Sep 15 20:19:02 my_app augenrules[158319]: enabled 1
Sep 15 20:19:02 my_app augenrules[158319]: failure 1
Sep 15 20:19:02 my_app augenrules[158319]: pid 2094
Sep 15 20:19:02 my_app augenrules[158319]: rate_limit 0
Sep 15 20:19:02 my_app augenrules[158319]: backlog_limit 8192
Sep 15 20:19:02 my_app augenrules[158319]: lost 0
Sep 15 20:19:02 my_app augenrules[158319]: backlog 0
Sep 15 20:19:02 my_app augenrules[158319]: backlog_wait_time 60000
Sep 15 20:19:02 my_app augenrules[158319]: enabled 1
Sep 15 20:19:02 my_app augenrules[158319]: failure 1
Sep 15 20:19:02 my_app augenrules[158319]: pid 2094
Sep 15 20:19:02 my_app augenrules[158319]: rate_limit 0
Sep 15 20:19:02 my_app augenrules[158319]: backlog_limit 8192
Sep 15 20:19:02 my_app augenrules[158319]: lost 0
Sep 15 20:19:02 my_app augenrules[158319]: backlog 1
Sep 15 20:19:02 my_app augenrules[158319]: backlog_wait_time 60000
Sep 15 20:19:02 my_app systemd[1]: auditd.service: Failed with result 'exit-code'.
Sep 15 20:19:02 my_app systemd[1]: Failed to start Security Auditing Service.
-- Subject: Unit auditd.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- Unit auditd.service has failed.

相关内容