Bug 1227908

Summary: auditd obsolete built-in options
Product: [openSUSE] openSUSE Tumbleweed Reporter: Martin Loviska <mloviska>
Component: SecurityAssignee: Enzo Matsumiya <ematsumiya>
Status: NEW --- QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: jeos-internal, meissner, pujos.michael, security-team
Version: CurrentFlags: ematsumiya: needinfo?
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://openqa.opensuse.org/tests/4344305/modules/journal_check/steps/15
Whiteboard:
Found By: openQA Services Priority:
Business Priority: Blocker: No
Marketing QA Status: --- IT Deployment: ---
Attachments: first boot log

Description Martin Loviska 2024-07-16 09:48:14 UTC 
Created attachment 876065 [details]
first boot log

## Observation

Messages reporting obsolete options used have been found in the journal after firstboot of openSUSE-Tumbleweed-Minimal-VM.x86_64-1.0.0-Cloud-Snapshot20240715.qcow2 image.

> Jul 16 04:26:51.145571 localhost systemd[1]: Starting Update is Completed...
> Jul 16 04:26:51.185487 localhost auditd[1255]: Option builtin_af_unix line 10 is obsolete - using /sbin/audisp-af_unix
> Jul 16 04:26:51.185493 localhost auditd[1255]: Option builtin line 11 is obsolete - update it
> Jul 16 04:26:51.186062 localhost systemd[1]: Finished Update is Completed.
> Jul 16 04:26:51.186340 localhost auditd[1255]: No plugins found, not dispatching events
> Jul 16 04:26:51.186555 localhost auditd[1255]: Init complete, auditd 3.1.1 listening for events (startup state enable)
> Jul 16 04:26:51.187204 localhost systemd[1]: Started Security Auditing Service.

openQA test in scenario opensuse-Tumbleweed-JeOS-for-OpenStack-Cloud-x86_64-jeos-no-cloud@64bit_virtio fails in
[journal_check](https://openqa.opensuse.org/tests/4344305/modules/journal_check/steps/15)


## Reproducible

Image was tested previously in openQA
Comment 1 Matthias Gerstner 2024-07-16 13:14:23 UTC 
Assigning to audit maintainer.
Comment 2 Michael Pujos 2024-07-16 18:21:52 UTC 
Audit is on version 3.1.1 which is more than 1 year old. The latest one(in the 3.x branch) is 3.1.4 and it should be updated to that.
Comment 3 Martin Loviska 2024-07-18 11:30:01 UTC 
(In reply to Michael Pujos from comment #2)
> Audit is on version 3.1.1 which is more than 1 year old. The latest one(in
> the 3.x branch) is 3.1.4 and it should be updated to that.

The messages are still present in the latest Build20240717[1]. Who should do the version bump?

[1] https://openqa.opensuse.org/tests/4348089#step/journal_check/8
Comment 4 Enzo Matsumiya 2024-07-18 18:55:38 UTC 
(In reply to Martin Loviska from comment #3)
> The messages are still present in the latest Build20240717[1]. Who should do
> the version bump?
> 
> [1] https://openqa.opensuse.org/tests/4348089#step/journal_check/8

I should, and I will.

I'm just buried in other high priority tasks, but I'll submit a version bump tomorrow at the latest.
Comment 5 Enzo Matsumiya 2024-07-18 19:25:49 UTC 
(In reply to Michael Pujos from comment #2)
> Audit is on version 3.1.1 which is more than 1 year old. The latest one(in
> the 3.x branch) is 3.1.4 and it should be updated to that.

Since it's for Factory, I'll bump it to the latest upstream (v4.0.1).

Please let me know if anyone disagrees.