- Ошибка в логе загрузки «[FAILED] Failed to start Raise network interfaces.»
- Error while starting the audit daemon
- Oracle Linux: Auditd Service Fails to Start During System Booting Process (Doc ID 2471846.1)
- Changes
- Cause
- To view full details, sign in with your My Oracle Support account.
- Don’t have a My Oracle Support account? Click to get started!
- CentOS
Ошибка в логе загрузки «[FAILED] Failed to start Raise network interfaces.»
Привет. При загрузке системы заметил строку с статус FAILED.
sudo cat /var/log/boot.log | grep -i -A2 failed[FAILED] Failed to start Raise network interfaces. See 'systemctl status networking.service' for details. [ OK ] Reached target Network.sudo systemctl status networking.servicenetworking.service - Raise network interfaces Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Sat 2022-09-03 15:24:21 CEST; 37min ago Docs: man:interfaces(5) Main PID: 623 (code=exited, status=1/FAILURE) сен 03 15:24:20 astra systemd[1]: Starting Raise network interfaces. сен 03 15:24:20 astra ifup[623]: RTNETLINK answers: File exists сен 03 15:24:20 astra ifup[623]: ifup: failed to bring up lo сен 03 15:24:21 astra systemd[1]: networking.service: Main process exited, code=exited, status=1/FAILURE сен 03 15:24:21 astra systemd[1]: Failed to start Raise network interfaces. сен 03 15:24:21 astra systemd[1]: networking.service: Unit entered failed state. сен 03 15:24:21 astra systemd[1]: networking.service: Failed with result 'exit-code'.А что делать дальше я не пойму.
И второй вопрос. В логах загрузки нет нескольких строк, которые появляются выше первых строк лога. Т.е. не пишутся в лог. Поиск по кодам ошибок показал, что это что-то связанное с BIOS. Типа отсутствие какой-то совместимости или что-то в этом роде. С этим надо что-то решать?
Error while starting the audit daemon
What is this error? And how can i get rid of it? Now i’ve also reinstalled the package and still have the same errors. Please help me. While installing the package, get a new error:
Errors were encountered while processing: auditd E: Sub-process /usr/bin/dpkg returned an error code (1) I ran the systemctl status auditd.service and got this ● auditd.service — Security Auditing Service Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: e Active: failed (Result: exit-code) since Mon 2018-06-11 17:47:21 IST; 21s ago Process: 9793 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exi Process: 9791 ExecStart=/sbin/auditd -n (code=exited, status=6) Main PID: 9791 (code=exited, status=6) lines 1-6/6 (END)
And when i ran journalctl -xe , i got this Hint: You are currently not seeing messages from other users and the system. Users in the ‘systemd-journal’ group can see all messages. Pass -q to turn off this notice. No journal files were opened due to insufficient permissions.
This is what i get @Jaay auditd.service — Security Auditing Service Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: e Active: failed (Result: exit-code) since Mon 2018-06-11 18:29:11 IST; 2min 6s Process: 17742 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=ex Process: 17739 ExecStart=/sbin/auditd -n (code=exited, status=6) Main PID: 17739 (code=exited, status=6)
Oracle Linux: Auditd Service Fails to Start During System Booting Process (Doc ID 2471846.1)
On Oracle Linux 7 system the Security Auditing Service is failing to start during the boot process, during the boot process we may see the following event under the system messages log file.
Nov 6 15:50:39 hostname systemd: Starting Security Auditing Service.
Nov 6 15:50:39 hostname kernel: type=1400 audit(1541541039.845:4): avc: denied < read >for pid=735 comm=»auditd» name=»audit» dev=»dm-6″ ino=131 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_log_t:s0 tclass=dir
Nov 6 15:50:39 hostname auditd: Could not open dir /var/log/audit (Permission denied)
Nov 6 15:50:39 hostname auditd: The audit daemon is exiting.
Nov 6 15:50:39 hostname systemd: Mounted /var/log/audit.
Nov 6 15:50:39 hostname systemd: auditd.service: control process exited, code=exited status=6
Nov 6 15:50:39 hostname systemd: Failed to start Security Auditing Service.
Nov 6 15:50:39 hostname systemd: Unit auditd.service entered failed state.
Nov 6 15:50:39 hostname systemd: auditd.service failed.
But the service does start properly when manually starting after the system has booted completely
# systemctl status auditd
● auditd.service — Security Auditing Service
Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2018-11-12 08:24:44 CST; 8min ago
Docs: man:auditd(8)
https://github.com/linux-audit/audit-documentation
Process: 26758 ExecStartPost=/sbin/augenrules —load (code=exited, status=0/SUCCESS)
Process: 26753 ExecStart=/sbin/auditd (code=exited, status=0/SUCCESS)
Main PID: 26754 (auditd)
CGroup: /system.slice/auditd.service
└─26754 /sbin/auditd
Nov 12 08:24:44 hostname augenrules[26758]: /sbin/augenrules: No change
Nov 12 08:24:44 hostname augenrules[26758]: No rules
Nov 12 08:24:44 hostname augenrules[26758]: enabled 2
Nov 12 08:24:44 hostname augenrules[26758]: failure 1
Nov 12 08:24:44 hostname augenrules[26758]: pid 26754
Nov 12 08:24:44 hostname augenrules[26758]: rate_limit 0
Nov 12 08:24:44 hostname augenrules[26758]: backlog_limit 64
Nov 12 08:24:44 hostname augenrules[26758]: lost 0
Nov 12 08:24:44 hostname augenrules[26758]: backlog 3
Nov 12 08:24:44 hostname systemd[1]: Started Security Auditing Service.
Changes
No changes has been made to the system.
Cause
To view full details, sign in with your My Oracle Support account.
Don’t have a My Oracle Support account? Click to get started!
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.
Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services. For more information about Oracle (NYSE:ORCL), visit oracle.com. � Oracle | Contact and Chat | Support | Communities | Connect with us | | | | Legal Notices | Terms of Use
CentOS
Hello!
I have a question about auditd that can’t be fixed, I find some solutions in Google but that are not work in my case.
We found the audit.log have no content since 21/Mar last year:
[root@Server09b(omgb)~]# ll -thr /var/log/audit/audit.log* | head -6
-r——— 1 root root 6.1M Mar 21 2018 /var/log/audit/audit.log.4
-r——— 1 root root 6.1M Mar 21 2018 /var/log/audit/audit.log.3
-r——— 1 root root 6.1M Mar 21 2018 /var/log/audit/audit.log.2
-r——— 1 root root 6.1M Mar 21 2018 /var/log/audit/audit.log.1
-rw-rw-r— 1 root root 0 Mar 20 03:10 /var/log/audit/audit.log-20190321
-rw-rw-r— 1 root root 0 Mar 21 03:16 /var/log/audit/audit.log-20190322
[root@Server09b(omgb)~]# ll -thr /var/log/audit/audit.log* | tail -26
-rw-rw-r— 1 root root 0 Sep 11 03:41 /var/log/audit/audit.log-20190912
-rw-rw-r— 1 root root 0 Sep 12 03:23 /var/log/audit/audit.log-20190913
-rw-rw-r— 1 root root 0 Sep 13 03:46 /var/log/audit/audit.log-20190914
-rw-rw-r— 1 root root 0 Sep 14 03:47 /var/log/audit/audit.log-20190915
-rw-rw-r— 1 root root 0 Sep 15 03:07 /var/log/audit/audit.log-20190916
-rw-rw-r— 1 root root 0 Sep 16 03:45 /var/log/audit/audit.log
[root@Server09b(omgb)~]#
And found the auditd is not running now.
[root@Server09b(omgb)~]# systemctl status auditd.service
auditd.service — Security Auditing Service
Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled)
Active: failed (Result: exit-code) since Mon 2019-09-16 16:05:09 SGT; 3 days ago
Process: 21541 ExecStartPost=/sbin/augenrules —load (code=exited, status=0/SUCCESS)
Process: 21540 ExecStart=/sbin/auditd -n (code=exited, status=6)
Main PID: 21540 (code=exited, status=6)
Sep 16 16:05:09 Server09b augenrules[21541]: No rules
Sep 16 16:05:09 Server09b augenrules[21541]: enabled 0
Sep 16 16:05:09 Server09b augenrules[21541]: flag 1
Sep 16 16:05:09 Server09b augenrules[21541]: pid 0
Sep 16 16:05:09 Server09b augenrules[21541]: rate_limit 0
Sep 16 16:05:09 Server09b augenrules[21541]: backlog_limit 320
Sep 16 16:05:09 Server09b augenrules[21541]: lost 0
Sep 16 16:05:09 Server09b augenrules[21541]: backlog 0
Sep 16 16:05:09 Server09b systemd[1]: Failed to start Security Auditing Service.
Sep 16 16:05:09 Server09b systemd[1]: Unit auditd.service entered failed state.
[root@Server09b(omgb)~]#
I tried to restart it but failed.
[root@Server09b(omgb)~]# service auditd stop;systemctl start auditd.service
Stopping logging: [FAILED]
Job for auditd.service failed. See ‘systemctl status auditd.service’ and ‘journalctl -xn’ for details.
The journalctl -x is below:
Sep 16 16:28:22 Server09b systemd[1]: Starting Security Auditing Service.
— Subject: Unit auditd.service has begun with start-up
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/li . temd-devel
—
— Unit auditd.service has begun starting up.
Sep 16 16:28:22 Server09b auditd[56217]: /var/log/audit/audit.log permissions should be 0600 or 0640
Sep 16 16:28:22 Server09b auditd[56217]: The audit daemon is exiting.
Sep 16 16:28:22 Server09b systemd[1]: auditd.service: main process exited, code=exited, status=6/NOTCONFIGURED
Sep 16 16:28:22 Server09b augenrules[56218]: /sbin/augenrules: No change
Sep 16 16:28:22 Server09b augenrules[56218]: No rules
Sep 16 16:28:22 Server09b augenrules[56218]: enabled 0
Sep 16 16:28:22 Server09b augenrules[56218]: flag 1
Sep 16 16:28:22 Server09b augenrules[56218]: pid 0
Sep 16 16:28:22 Server09b augenrules[56218]: rate_limit 0
Sep 16 16:28:22 Server09b augenrules[56218]: backlog_limit 320
Sep 16 16:28:22 Server09b augenrules[56218]: lost 0
Sep 16 16:28:22 Server09b augenrules[56218]: backlog 0
Sep 16 16:28:22 Server09b systemd[1]: Failed to start Security Auditing Service.
— Subject: Unit auditd.service has failed
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/li . temd-devel
—
— Unit auditd.service has failed.
—
— The result is failed.
The log seems indicate the cause is the permission of /var/log/audit/audit.log.
However, I have not change anything in 21/Mar/2018, but just restarted it.
We have 3 servers that have same configuration, no same issue is found in other servers.
The /etc/logrotate.d/syslog, /etc/audit/auditd.conf are below:
[root@Server09b(omgb)~]# cat /etc/audit/auditd.conf
#
# This file controls the configuration of the audit daemon
#
log_file = /var/log/audit/audit.log
log_format = RAW
log_group = root
priority_boost = 4
flush = INCREMENTAL
freq = 20
num_logs = 5
disp_qos = lossy
dispatcher = /sbin/audispd
name_format = NONE
##name = mydomain
max_log_file = 6
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
##tcp_listen_port =
tcp_listen_queue = 5
tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0
enable_krb5 = no
krb5_principal = auditd
##krb5_key_file = /etc/audit/audit.key
[root@Server09b(omgb)~]#
[root@Server09b(omgb)~]# cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/audit/audit.log
rotate 180
daily
create 0664 root root
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
>
Can any professional kindly help and share suggestion to me?