auditd fails to start with the following errors:
Oct 21 09:36:39 localhost kernel: type=1400 audit(1603244199.591:5): avc: denied { read } for pid=3061 comm="auditd" name=" audit" dev="dm-0" ino=100663367 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:dosfs_t:s0 tclass=dir
Oct 21 09:36:39 localhost auditd: Could not open dir /var/log/audit (Permission denied)
Oct 21 09:36:39 localhost auditd: The audit daemon is exiting.
Oct 21 09:36:39 localhost systemd: auditd.service: control process exited, code=exited status=6
Oct 21 09:36:39 localhost systemd: Failed to start Security Auditing Service.
Oct 21 09:36:39 localhost systemd: Unit auditd.service entered failed state.
Oct 21 09:36:39 localhost systemd: auditd.service failed.
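The error points to a permissions problem. I found n different methods online and tried creating the directory, changing permissions and a whole series of other operations, all of which ended in failure. To understand not just the what but the why: audit is where SELinux records its logs, so the cause should be that this path is not specified in the SELinux configuration. Use the following command to fix it: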
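The AVC record in the log above shows the `auditd_t` domain being refused `read` on a directory labelled `dosfs_t`, a mandatory access control denial that ordinary permission changes do not affect. The Python sketch below is an added example, not code from the original post: it correlates the AVC record with auditd's own error line and flags the label mismatch. The function names and the `EXPECTED_TYPES` table are assumptions of this example (`auditd_log_t` is the default type for `/var/log/audit` in the stock targeted policy).

```python
import posixpath
import re

# Log lines copied from the page: the AVC denial and auditd's own error.
SAMPLE = """\
Oct 21 09:36:39 localhost kernel: type=1400 audit(1603244199.591:5): avc: denied { read } for pid=3061 comm="auditd" name=" audit" dev="dm-0" ino=100663367 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:dosfs_t:s0 tclass=dir
Oct 21 09:36:39 localhost auditd: Could not open dir /var/log/audit (Permission denied)
"""

# Assumption of this example: default label from the stock targeted policy.
EXPECTED_TYPES = {"/var/log/audit": "auditd_log_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
OPEN_RE = re.compile(r"(?P<comm>\w+): Could not open dir (?P<path>\S+) \(Permission denied\)")

def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"').strip() for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    for side in ("scontext", "tcontext"):  # user:role:type:level[:categories]
        parts = rec.get(side, "").split(":")
        rec[side + "_type"] = parts[2] if len(parts) > 2 else None
    return rec

def diagnose(log_text):
    """Pair each 'Could not open dir' error with its AVC and compare labels."""
    lines = log_text.splitlines()
    avcs = [r for r in map(parse_avc, lines) if r]
    findings = []
    for m in filter(None, map(OPEN_RE.search, lines)):
        path, comm = m.group("path"), m.group("comm")
        for rec in avcs:
            if rec.get("comm") != comm or rec.get("name") != posixpath.basename(path):
                continue
            actual, expected = rec["tcontext_type"], EXPECTED_TYPES.get(path)
            findings.append({
                "path": path, "domain": rec["scontext_type"], "perms": rec["perms"],
                "actual_type": actual, "expected_type": expected,
                "mislabeled": expected is not None and actual != expected,
            })
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f)
```

On a live host, `ls -Zd /var/log/audit` shows the directory's current label and `restorecon -Rv /var/log/audit` resets it to the policy default. This is the general SELinux relabeling procedure, not necessarily the command the author used.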