From a96f5d77669142730440e3c147b6e9d783670e76 Mon Sep 17 00:00:00 2001 From: Brian Cunnie Date: Fri, 2 Jun 2023 12:48:33 -0700 Subject: [PATCH] auditd job has an optional pre-start delay The auditd job's pre-start script can fail when colocated with IPsec. If the pre-start script restarts auditd before IPsec has stabilized, auditd will fail with "No buffer space available", causing the pre-start script to fail. This commit addresses that failure by introducing an optional property, `pre_start_delay`, which can be used to delay the start of the auditd pre-start script, allowing the IPsec pre-start script to finish. Fixes, during `bosh deploy`: ``` 1 of 12 pre-start scripts failed. Failed Jobs: auditd ``` Fixes, from /var/log/daemon.log: ``` auditd[6522]: Error receiving audit netlink packet (No buffer space available) ``` --- jobs/auditd/spec | 4 ++++ jobs/auditd/templates/pre-start | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/jobs/auditd/spec b/jobs/auditd/spec index 5ea1415..726fd96 100644 --- a/jobs/auditd/spec +++ b/jobs/auditd/spec @@ -12,3 +12,7 @@ properties: default: [] example: - "-a always,exit -F perm=x -F auid>=500 -F auid!=4294967295 -F path=/usr/bin/who -k privileged" + pre_start_delay: + description: The number of seconds to delay running the pre-start script. This can be used, for example, to avoid a race condition with other pre-start scripts, such as IPsec's, that can prevent auditd From starting + default: 0 + example: 30 diff --git a/jobs/auditd/templates/pre-start b/jobs/auditd/templates/pre-start index 9b8f4f9..b76b940 100644 --- a/jobs/auditd/templates/pre-start +++ b/jobs/auditd/templates/pre-start @@ -1,5 +1,12 @@ #!/bin/bash +set -xeu -o pipefail + +date +echo Delaying start for '<%= p("pre_start_delay") %>' seconds +sleep '<%= p("pre_start_delay") %>' +date + if ! grep -e '^-e 2$' /etc/audit/rules.d/audit.rules -q; then echo ' # Custom rules; added by auditd job (os-conf-release)
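Review bot: in the `jobs/auditd/spec` hunk the `pre_start_delay` description has a stray capital and no terminating period ("that can prevent auditd From starting"); suggest "...that can prevent auditd from starting." It would also help operators to state that the value is a non-negative number of seconds, because the template passes it straight to `sleep '<%= p("pre_start_delay") %>'` with no validation, so a non-numeric value fails the pre-start rather than being ignored.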
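Review bot: in the `jobs/auditd/templates/pre-start` hunk, `set -xeu -o pipefail` is placed at the top of the existing script rather than scoped to the new delay block, so every command below it (the `grep` check and the rule-appending section that follows) now runs under `-e` and `-u`; worth confirming nothing in the remainder of the template returned non-zero or read an unset variable before this change, since that would now abort the pre-start. The `date` / `echo Delaying start` / `sleep` block also runs unconditionally, so with the default of `0` the log records a zero-second delay on every deploy; guarding it with a check that the delay is greater than zero keeps the log quieter. Finally, a fixed delay mitigates the race described in the commit message by timing only; since the failure occurs when the script restarts auditd, a bounded retry around that restart would tolerate a slow IPsec pre-start without operators having to tune a number.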