Audit-rules.service issue

Ask Fedora
1

I met a strange issue with my system, I use systemctl list-units --all to check all the services in my system and spot that there’s on service give the following result
audit-rules.service loaded failed failed Load Audit Rules
Not sure if this is because I did not set any rules in the audit.rules file?
sudo auditctl -R /etc/audit/audit.rules
No rules

2

Added f40

3 
journalctl --no-pager -b -u audit-rules.service
1 Like
4

Hi Vladislav, thanks ahead, I have the following output:

Jun 16 10:57:32 fedora systemd[1]: Starting audit-rules.service - Load Audit Rules...
Jun 16 10:57:32 fedora augenrules[741]: /usr/sbin/augenrules: No change
Jun 16 10:57:32 fedora augenrules[762]: No rules
Jun 16 10:57:32 fedora systemd[1]: audit-rules.service: Deactivated successfully.
Jun 16 10:57:32 fedora systemd[1]: Finished audit-rules.service - Load Audit Rules.
Jun 16 10:57:32 fedora systemd[1]: Starting audit-rules.service - Load Audit Rules...
Jun 16 10:57:32 fedora augenrules[814]: /usr/sbin/augenrules: No change
Jun 16 10:57:32 fedora augenrules[838]: No rules
Jun 16 10:57:32 fedora systemd[1]: audit-rules.service: Deactivated successfully.
Jun 16 10:57:32 fedora systemd[1]: Finished audit-rules.service - Load Audit Rules.
Jun 16 10:57:32 fedora systemd[1]: Starting audit-rules.service - Load Audit Rules...
Jun 16 10:57:32 fedora augenrules[877]: /usr/sbin/augenrules: No change
Jun 16 10:57:32 fedora augenrules[906]: No rules
Jun 16 10:57:32 fedora systemd[1]: audit-rules.service: Deactivated successfully.
Jun 16 10:57:32 fedora systemd[1]: Finished audit-rules.service - Load Audit Rules.
Jun 16 10:57:33 fedora systemd[1]: Starting audit-rules.service - Load Audit Rules...
Jun 16 10:57:33 fedora augenrules[947]: /usr/sbin/augenrules: No change
Jun 16 10:57:33 fedora augenrules[967]: No rules
Jun 16 10:57:33 fedora systemd[1]: audit-rules.service: Deactivated successfully.
Jun 16 10:57:33 fedora systemd[1]: Finished audit-rules.service - Load Audit Rules.
Jun 16 10:57:33 fedora systemd[1]: Starting audit-rules.service - Load Audit Rules...
Jun 16 10:57:33 fedora augenrules[979]: /usr/sbin/augenrules: No change
Jun 16 10:57:33 fedora augenrules[994]: No rules
Jun 16 10:57:33 fedora systemd[1]: audit-rules.service: Deactivated successfully.
Jun 16 10:57:33 fedora systemd[1]: Finished audit-rules.service - Load Audit Rules.
Jun 16 10:57:33 fedora systemd[1]: audit-rules.service: Start request repeated too quickly.
Jun 16 10:57:33 fedora systemd[1]: audit-rules.service: Failed with result 'start-limit-hit'.
Jun 16 10:57:33 fedora systemd[1]: Failed to start audit-rules.service - Load Audit Rules.
1 Like
5 
sudo systemctl reset-failed audit-rules.service
sudo systemctl restart audit-rules.service
sudo systemctl status audit-rules.service
sudo augenrules --load; echo ${?}
1 Like
6

Here’s the output

× audit-rules.service - Load Audit Rules
     Loaded: loaded (/usr/lib/systemd/system/audit-rules.service; enabled; preset: enabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: failed (Result: start-limit-hit) since Sun 2024-06-16 12:22:02 BST; 9s ago
       Docs: man:auditctl(8)
             https://github.com/linux-audit/audit-documentation
    Process: 8900 ExecStart=/usr/sbin/augenrules --load (code=exited, status=0/SUCCESS)
   Main PID: 8900 (code=exited, status=0/SUCCESS)
        CPU: 35ms

Jun 16 12:22:02 fedora systemd[1]: Starting audit-rules.service - Load Audit Rules...
Jun 16 12:22:02 fedora augenrules[8900]: /usr/sbin/augenrules: No change
Jun 16 12:22:02 fedora augenrules[8915]: No rules
Jun 16 12:22:02 fedora systemd[1]: audit-rules.service: Deactivated successfully.
Jun 16 12:22:02 fedora systemd[1]: Finished audit-rules.service - Load Audit Rules.
Jun 16 12:22:02 fedora systemd[1]: audit-rules.service: Start request repeated too quickly.
Jun 16 12:22:02 fedora systemd[1]: audit-rules.service: Failed with result 'start-limit-hit'.
Jun 16 12:22:02 fedora systemd[1]: Failed to start audit-rules.service - Load Audit Rules.

/usr/sbin/augenrules: No change
No rules
0
1 Like
7

Hi Vladislav, I tried to use this command

sudo dnf reinstall audit

reinstall the audit package, now the problem is solved

○ audit-rules.service - Load Audit Rules
     Loaded: loaded (/usr/lib/systemd/system/audit-rules.service; enabled; preset: enabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: inactive (dead) since Sun 2024-06-16 12:40:30 BST; 2min 7s ago
       Docs: man:auditctl(8)
             https://github.com/linux-audit/audit-documentation
    Process: 10034 ExecStart=/usr/sbin/augenrules --load (code=exited, status=0/SUCCESS)
   Main PID: 10034 (code=exited, status=0/SUCCESS)
        CPU: 17ms

Jun 16 12:40:30 fedora systemd[1]: Starting audit-rules.service - Load Audit Rules...
Jun 16 12:40:30 fedora augenrules[10034]: /usr/sbin/augenrules: No change
Jun 16 12:40:30 fedora augenrules[10049]: No rules
Jun 16 12:40:30 fedora systemd[1]: audit-rules.service: Deactivated successfully.
Jun 16 12:40:30 fedora systemd[1]: Finished audit-rules.service - Load Audit Rules.

Thanks for your support!!!

1 Like