diff -ur audit-2.7.7.orig/src/auditd.c audit-2.7.7/src/auditd.c --- audit-2.7.7.orig/src/auditd.c 2017-06-16 15:01:41.000000000 -0400 +++ audit-2.7.7/src/auditd.c 2017-07-14 10:54:46.390612992 -0400 @@ -692,6 +692,7 @@ return 1; } + audit_msg(LOG_WARNING, "Starting dispatcher"); if (init_dispatcher(&config)) { if (pidfile) unlink(pidfile); @@ -701,6 +702,7 @@ } /* Get machine name ready for use */ + audit_msg(LOG_WARNING, "Resolving node"); if (resolve_node(&config)) { if (pidfile) unlink(pidfile); @@ -710,6 +712,7 @@ } /* Setup the reconfig notification pipe */ + audit_msg(LOG_WARNING, "Creating reconfig socket"); if (socketpair(AF_UNIX, SOCK_STREAM, 0, pipefds)) { audit_msg(LOG_ERR, "Cannot open reconfig socket"); if (pidfile) @@ -718,19 +721,23 @@ free_config(&config); return 1; } + audit_msg(LOG_WARNING, "Setting CLOEXEC"); fcntl(pipefds[0], F_SETFD, FD_CLOEXEC); fcntl(pipefds[1], F_SETFD, FD_CLOEXEC); /* This had to wait until now so the child exec has happened */ + audit_msg(LOG_WARNING, "Making dispatcher fd private"); make_dispatcher_fd_private(); /* Write message to log that we are alive */ + audit_msg(LOG_WARNING, "Creating DAEMON_START event"); { struct utsname ubuf; char start[DEFAULT_BUF_SZ]; const char *fmt = audit_lookup_format((int)config.log_format); if (fmt == NULL) fmt = "UNKNOWN"; + audit_msg(LOG_WARNING, "Calling uname"); if (uname(&ubuf) != 0) { if (pidfile) unlink(pidfile); @@ -739,6 +746,7 @@ free_config(&config); return 1; } + audit_msg(LOG_WARNING, "Getting subject"); if (getsubj(subj)) snprintf(start, sizeof(start), "op=start ver=%s format=%s " @@ -755,6 +763,7 @@ VERSION, fmt, ubuf.release, audit_getloginuid(), getpid(), getuid(), session); + audit_msg(LOG_WARNING, "Sending event"); if (send_audit_event(AUDIT_DAEMON_START, start)) { audit_msg(LOG_ERR, "Cannot send start message"); if (pidfile) @@ -765,14 +774,18 @@ free_config(&config); return 1; } + audit_msg(LOG_WARNING, "Event sent"); } /* Tell kernel not to kill us */ + audit_msg(LOG_WARNING, "Avoiding oom"); avoid_oom_killer(); /* let config manager init */ + audit_msg(LOG_WARNING, "Initting config manager"); init_config_manager(); + audit_msg(LOG_WARNING, "Setting enabled"); if (opt_startup != startup_nochange && !opt_aggregate_only && (audit_is_enabled(fd) < 2) && audit_set_enabled(fd, (int)opt_startup) < 0) { @@ -805,6 +818,7 @@ } /* Tell the kernel we are alive */ + audit_msg(LOG_WARNING, "Setting pid"); if (!opt_aggregate_only && audit_set_pid(fd, getpid(), WAIT_YES) < 0) { char emsg[DEFAULT_BUF_SZ]; if (*subj) @@ -833,13 +847,16 @@ } /* Depending on value of opt_startup (-s) set initial audit state */ + audit_msg(LOG_WARNING, "Creating event loop"); loop = ev_default_loop (EVFLAG_NOENV); if (!opt_aggregate_only) { + audit_msg(LOG_WARNING, "Setting netlink handler"); ev_io_init (&netlink_watcher, netlink_handler, fd, EV_READ); ev_io_start (loop, &netlink_watcher); } + audit_msg(LOG_WARNING, "Setting signal handlers"); ev_signal_init (&sigterm_watcher, term_handler, SIGTERM); ev_signal_start (loop, &sigterm_watcher); @@ -855,11 +872,14 @@ ev_signal_init (&sigchld_watcher, child_handler, SIGCHLD); ev_signal_start (loop, &sigchld_watcher); + audit_msg(LOG_WARNING, "Setting pipe handler"); ev_io_init (&pipe_watcher, pipe_handler, pipefds[0], EV_READ); ev_io_start (loop, &pipe_watcher); + audit_msg(LOG_WARNING, "Starting tcp handler"); if (auditd_tcp_listen_init(loop, &config)) { char emsg[DEFAULT_BUF_SZ]; + audit_msg(LOG_WARNING, "Start failed"); if (*subj) snprintf(emsg, sizeof(emsg), "op=network-init auid=%u pid=%d uid=%u "