APAR status
Closed as program error.
Error description
If there is a user listed in the 'users:' section that does not exist on the system, audit start may fail with an error message that does not properly describe the issue: # audit start ** failed setting kernel audit objects This error can be displayed for a variety of different failures, so it does not always indicate a nonexistent user. In this case, removing the nonexistent user will allow auditing to start.
Local fix
Remove nonexistent users from audit config file.
Problem summary
audit start fails when nonexistent users are included in the users stanza of /etc/security/audit/config
Problem conclusion
A no/yes nonexistent user option flag was added to bin stanza of /etc/security/audit/config, and an error message was added to identify the user preventing audit start when option is 'no'.
Temporary fix
Comments
APAR Information
APAR number
IV91387
Reported component name
AIX V7.1
Reported component ID
5765H4000
Reported release
710
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-12-08
Closed date
2016-12-08
Last modified date
2017-10-13
APAR is sysrouted FROM one or more of the following:
IV89270
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX V7.1
Fixed component ID
5765H4000
Applicable component levels
R710 PSY U868569
UP17/10/13 I 1000
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SG11R"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
Document Information
Modified date:
18 April 2022