0

I am running RHEL7, and my audit log partition randomly (not often, but often enough to annoy me) gets corrupted, preventing me from booting. How can I either prevent the partition from being corrupted, or ignore it and allow the system to continue to boot? "Sledgehammer" answers are acceptable.

Whenever the system becomes corrupted, I run a umount, followed by a xfs_repair -L, followed by a mount. This temporarily fixes the issue until the next time it gets corrupted.

  1. Will disabling auditing via auditd -e 2 or systemctl disable auditd solve this issue?
  2. Is there a way to continue to boot (ignore the partition) if audit log partition is corrupted?
  3. Can I just delete the partition, if I also disable auditing?
  4. Can I put the partition in read-only mode?
  5. Can I automatically detect a corrupted partition and repair it on boot? This answer seems to indicate I can have xfs_repair run on boot, but I'm not fully following the answer.
Improve this question

1 Answer 1

Reset to default
0
+50

Here are some suggestions you can

  1. Disable auditing via auditd -e 2 or systemctl disable auditd: This might solve the issue of audit log partition corruption, as auditing will be disabled and hence no data will be written to the partition. However, you need to weigh the pros and cons of disabling auditing on your system, as it may prevent the system from logging important information.

  2. Ignoring the partition: There isn't a straightforward way to ignore the corrupted partition, but you can try creating a new partition and copying over the data from the corrupted partition to the new partition, and then set the new partition as the audit log partition.

  3. Deleting the partition: This will prevent the system from logging audit data, but as you have already said, this is a "sledgehammer" solution.

  4. Putting the partition in read-only mode: This will prevent the system from writing data to the partition, but will not prevent the partition from becoming corrupted.

  5. Automatically detecting and repairing the partition: You can add a script to automatically run xfs_repair on boot, if the partition is detected to be corrupted. To do this, you can create a script that runs xfs_repair -L and add it to the system startup.

Improve this answer
3
  • Thanks for the reply. How would I do 5, considering it prevents the system from booting? What is the earliest point in the boot sequence can I run this check/repair?
    – dberm22
    Commented Feb 1, 2023 at 15:30
  • Have a look over here : golinuxcloud.com/run-script-at-startup-boot-without-cron-linux
    – Delano zuurman
    Commented Feb 2, 2023 at 16:48
  • Awarding bounty as it is about to expire. Not marking as accepted answer just yet.
    – dberm22
    Commented Feb 6, 2023 at 12:45

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .