Thanks for the long explanation Steve, I now understand what auditd is and
what interacts with it and why it should be default-enabled.
You can turn it off if you want. :)
You're right, and I'm beginning to suspect that much of my bad experiences
with system-config-services is that # description: foo in the
/etc/init.d/foo scripts is too short and uninformative.
A user that does not know what the daemons are intended for will not know
for sure whether they can enable and disable it or not.
Would you accept this patch to /etc/init.d/auditd:
--- auditd.orig 2008-01-04 22:53:32.000000000 +0100
+++ auditd 2008-01-04 22:58:46.000000000 +0100
@@ -3,7 +3,11 @@
# auditd This starts and stops auditd
#
# chkconfig: 2345 11 88
-# description: This starts the Linux Auditing System Daemon
+# description: This starts the Linux Auditing System Daemon, \
+# which collects security related events in a \
+# dedicated auditing log. Turning it off will not \
+# alter system functionality, security related events \
+# will then be recorded in the default system log.
#
# processname: /sbin/auditd
# config: /etc/sysconfig/auditd
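Review bot: The added description lines assert two behaviours, that turning the daemon off "will not alter system functionality" and that events "will then be recorded in the default system log", and the submitter marks them as unverified ("if it is correct, beware"), so they should be confirmed by the auditd maintainer before the text lands in the init script, because system-config-services users will act on it. The first claim also conflicts with the preceding sentence: if events normally go to a dedicated auditing log, disabling the daemon changes where they are recorded, so wording such as "Turning it off only changes where these events are logged" would be consistent. The last two added lines are a comma splice; start a new sentence at "Security-related events" and hyphenate "security-related" in both places.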
I think this (if it is correct, beware) is what a user of
system-config-services needs to know about this particular daemon in order
to make an educated choice of whether or not it should be enabled.
Hm, perhaps the other SELinux related daemons will be likewise
understandable if I make three more such patches...
sigh...
Please don't give up on me so easily. I have good intentions.
The services should exit if SELinux is disabled. It's ok for them to
start up.
Yes, certainly, but how as a user of the system-config-services interface,
would I know that?
s-c-s is itching me somewhere and I'm trying to find out why and what the
remedy is.
Linus