Restarting auditd service gives dependency error

Question

I am trying to configure auditing for docker daemon as follows:

Add the line below to the /etc/audit/audit.rules file:

-w /usr/bin/dockerd -k docker

Then, restart the audit daemon using the following command:

service auditd restart

This gives the following error:

Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only.

Using systemctl also doesn't work. Is there a workaround or a fix for this?

score 9 · Accepted Answer · answered Apr 13 '20 at 08:53

9

Updating RefuseManualStop to no in the /usr/lib/systemd/system/auditd.service

RefuseManualStop=no

Then reload the daemon as follows:

systemctl daemon-reload

answered Apr 13 '20 at 08:53

hemanik

score 3 · Answer 2 · answered Apr 13 '22 at 15:10

3

Probably 2 years too late but for anyone facing the same on redhat 7. Run;

service auditd condrestart|try-restart

answered Apr 13 '22 at 15:10

WillyMilimo

score 0 · Answer 3 · answered Aug 31 '22 at 01:02

0

Found a solution here. The method to use is

sudo systemctl kill auditd
sudo systemctl start auditd

answered Aug 31 '22 at 01:02

smac89

3 Answers3