Linux 在docker容器中运行Audited
我试图在centos docker容器中配置rsyslog客户端,我注意到以下错误。由于auditd故障,rsyslogd正在退出 你知道如何让rsyslog服务在centos docker容器中工作吗 我试过了,但运气不好Linux 在docker容器中运行Audited,linux,docker,centos,Linux,Docker,Centos,我试图在centos docker容器中配置rsyslog客户端,我注意到以下错误。由于auditd故障,rsyslogd正在退出 你知道如何让rsyslog服务在centos docker容器中工作吗 我试过了,但运气不好 May 16 09:49:35 ad5de951dcd4 auditd[312]: Started dispatcher: /sbin/audispd pid: 316 May 16 09:49:35 ad5de951dcd4 auditd[312]: Unable to
May 16 09:49:35 ad5de951dcd4 auditd[312]: Started dispatcher: /sbin/audispd pid: 316
May 16 09:49:35 ad5de951dcd4 auditd[312]: Unable to set initial audit startup state to 'enable', exiting
May 16 09:49:35 ad5de951dcd4 auditd[312]: The audit daemon is exiting.
May 16 09:49:35 ad5de951dcd4 systemd: auditd.service: main process exited, code=exited, status=1/FAILURE
May 16 09:49:35 ad5de951dcd4 audispd: syslog plugin initialized
May 16 09:49:35 ad5de951dcd4 audispd: audispd initialized with q_depth=150 and 1 active plugins
May 16 09:49:35 ad5de951dcd4 augenrules: /sbin/augenrules: No change
May 16 09:49:35 ad5de951dcd4 auditctl: The audit system is disabled
May 16 09:49:35 ad5de951dcd4 systemd: Failed to start Security Auditing Service.
May 16 09:49:35 ad5de951dcd4 systemd: Unit auditd.service entered failed state.
May 16 09:49:35 ad5de951dcd4 systemd: auditd.service failed.
May 16 09:49:53 ad5de951dcd4 systemd: Starting Security Auditing Service...
May 16 09:49:53 ad5de951dcd4 auditd[330]: Started dispatcher: /sbin/audispd pid: 333
May 16 09:49:53 ad5de951dcd4 auditd[330]: Unable to set initial audit startup state to 'enable', exiting
May 16 09:49:53 ad5de951dcd4 auditd[330]: The audit daemon is exiting.
May 16 09:49:53 ad5de951dcd4 systemd: auditd.service: main process exited, code=exited, status=1/FAILURE
May 16 09:49:53 ad5de951dcd4 audispd: syslog plugin initialized
May 16 09:49:53 ad5de951dcd4 audispd: audispd initialized with q_depth=150 and 1 active plugins
May 16 09:49:53 ad5de951dcd4 augenrules: /sbin/augenrules: No change
May 16 09:49:53 ad5de951dcd4 auditctl: The audit system is disabled
May 16 09:49:53 ad5de951dcd4 systemd: Failed to start Security Auditing Service.
May 16 09:49:53 ad5de951dcd4 systemd: Unit auditd.service entered failed state.
May 16 09:49:53 ad5de951dcd4 systemd: auditd.service failed.
May 16 10:09:57 ad5de951dcd4 systemd: Reloading.
May 16 10:10:02 ad5de951dcd4 systemd: Reloading.
May 16 10:10:10 ad5de951dcd4 rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="421" x-info="http://www.rsyslog.com"] exiting on signal 2.
很抱歉,这并不能直接解决rsyslog问题,但会为您提供一条调查路线 Audited目前在docker中不起作用(我遇到了类似的问题),请参阅以下线程:
因此,如果auditd对您的使用不是至关重要的,您应该找到一种在rsyslog中禁用它的方法。将Dockerfile添加到您的问题中。我使用的是基本centos容器,在该容器中使用以下命令安装了一些服务
yum install rsyslog rsyslog doc yum install rsyslog gnutls yum-y install audit yum-y install initscripts