We should be monitoring to ensure that auditd is always running, and yell loudly if it is not.
We ran into an audit bug recently with regard to our immutable rules that caused it to crash. This issue has been fixed upstream, and there is a build in brew. I'll grab the RPMs and throw them in the infrastructure repos shorly.
I pushed out a fixed version of audit, and bastion's auditd seems to be functioning again.
monitoring via nagios
commit e72a5715ed12f728134de23edf89afe4218eed2e Author: Jon Stanley jonstanley@gmail.com Date: Sat Oct 25 22:48:33 2008 +0000
add monitoring via nrpe for auditd
leaving ticket open to make sure that we migrate this to zabbix
I added the audit daemon test for four month ago into zabbix. The test is running well in the "Template Core Linux" for all our boxes. I think we can close this ticket.
Log in to comment on this ticket.