I'm need help to configure auditd to execute a script to shutdown the Apache service once the daemon detects that the disk is below the configured "admin_space_left" value.
** /etc/audit/auditd.conf **
...
space_left = 100
space_left_action = email
admin_space_left = 50
admin_space_left_action = EXEC /opt/startup/scripts/audit_log_action.sh
disk_full_action = EXEC /opt/startup/scripts/audit_log_action.sh
...
*********
** /opt/startup/scripts/audit_log_action.sh **
#!/bin/bash
# APSC-DV-001120
# Stops apache when there is low disk space or an error in logging
logger -s "System is low on disk space - stopping Apache httpd service"
/sbin/apachectl stop
**********
I've used 'fallocate' to create files that fill the volume so that only 38M is free but auditd doesn't execute the script to stop the Apache service.
auditd "admin_space_left_action" EXEC <script> does not execute.
-
- Posts: 2
- Joined: 2021/04/19 16:30:24
Re: auditd "admin_space_left_action" EXEC <script> does not execute.
/opt/startup is a non-standard location for things like that and I suspect that selinux won't like auditd trying to execute it. Does it work if you move your script to /usr/local/bin and point the config at that (for testing, you can leave it there or fix the selinux problem after)? Or if you put selinux permissive by running setenforce 0 (lasts only until reboot or setenforce 1).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 2
- Joined: 2021/04/19 16:30:24
Re: auditd "admin_space_left_action" EXEC <script> does not execute.
@TrevorH: Thanks for your reply. The script executes, however the `/sbin/apachectl stop` command isn't working.
The script permissions are 700 root:root.
The script permissions are 700 root:root.
Re: auditd "admin_space_left_action" EXEC <script> does not execute.
On CentOS 7 you should be invoking systemctl stop httpd
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke