Hi guys / gals. I have a problem with changing the group and permissions on the file /var/log/audit/audit.log. Maybe it’s a bug, but definitely it’s not an issue. LOL
The problem is: I need to monitor logs from a zabbix server. So, I’ve changed the monitoring group to “adm”, added the “zabbix” user to the “adm” group, changed the dir and file group to “adm” (chgrp -R adm /var/log/audit/), changed file and permissions to dir (0640), and log file (0750), and restarted the “auditd” service with no success at all. The same process was successfully done in cloudlinux, centos and rocky linux, but no way to do it in AL.
Also can you provide the audit.log file (both here and there so that we can get some insight into what is going on)? It should work the same exact way as on centos, there is no difference.
Hi Jack. I’m not pretty sure if it’s a bug or not, because I’m not too experienced with CentOS-based distros. I was reading a bit about SELinux and its features and did my tests. So, I will reproduce the situation as precisely as possible:
I edited my “/etc/audit/auditd.conf” file
Changed the “log_group” parameter to “adm”. Saved changes and closed file edition
usermod -aG adm zabbix
chown -R root:adm /var/log/audit/audit.log
service auditd restart
It worked on CloudLinux and CentOS, but in AL it didn’t. I was checking the SELinux configuration. CL and CentOS have SELinux active (enforcing).
BTW, I deactivated SELinux on a test (with the “setenforce 0” command), and rebooted, but it didn’t work either.
It always gives me “error 13: permission denied”.
Maybe, for sure, I’m doing something wrong or missing something, but I don’t know.
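
One way to check the pieces this thread touches (the log_group setting, group ownership and group permission bits on the directory and the log file, and the user's group membership), as an added example that is not from any poster. The function names are hypothetical and GNU stat (`stat -c`) is assumed:

```shell
# Added example (constructed, not from the thread). Assumes GNU stat.
# need_group_bit PATH BIT LABEL GROUP: PATH must belong to GROUP and have
# the given group permission bit set (4 = read, 1 = search/execute).
need_group_bit() {
    owner=$(stat -c %G "$1")
    mode=$(stat -c %a "$1")          # octal mode, e.g. 750
    if [ "$owner" != "$4" ]; then
        echo "$1: group is '$owner', expected '$4'"
        return 1
    fi
    if [ $(( (0$mode >> 3) & $2 )) -eq 0 ]; then
        echo "$1: mode $mode gives the group no $3 permission"
        return 1
    fi
    return 0
}

# check_audit_access CONF LOGFILE GROUP [USER]
# Prints every broken link; return status is the number of problems found.
check_audit_access() {
    conf=$1 log=$2 want=$3 user=${4:-} problems=0
    dir=$(dirname "$log")

    # 1. log_group is the group auditd applies to its log files.
    cfg=$(sed -n 's/^[[:space:]]*log_group[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$conf" | tail -n 1)
    if [ "$cfg" != "$want" ]; then
        echo "$conf: log_group is '${cfg:-unset}', expected '$want'"
        problems=$((problems + 1))
    fi

    # 2. The directory needs group search (x) so the file inside can be reached.
    need_group_bit "$dir" 1 search "$want" || problems=$((problems + 1))
    # 3. The log file itself needs group read (r).
    need_group_bit "$log" 4 read "$want" || problems=$((problems + 1))

    # 4. Optional: the monitoring user must be a member of the group.
    if [ -n "$user" ]; then
        case " $(id -nG "$user" 2>/dev/null) " in
            *" $want "*) ;;
            *) echo "user '$user' is not in group '$want'"
               problems=$((problems + 1)) ;;
        esac
    fi
    return "$problems"
}

# On the host from the thread this would be called as:
# check_audit_access /etc/audit/auditd.conf /var/log/audit/audit.log adm zabbix
```

The function only inspects mode bits and ownership, so it does not cover SELinux labels or a process that was started before the group membership was changed.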