Is anyone else here experiencing issues with their new system deployments being flagged with the following error:
agent.jobs.linux.ui_realtime, Auditd is enabled - the use of auditd Compatibility Mode is required in order to allow the agent and auditd to run side-by-side.
Gauging responses to see how common this is. I’ve developed a script to fix it, but wanted to see if others have the same issue.
I’m having this issue, have written an ansible playbook to try and resolve, but not having much luck so far… Would be very interested in seeing your script if you’re happy to share?
I have several different scripts to account for different OSes (Ubuntu and RHEL) and whether they are using Auditd v2 or v3.
If you provide me with one of the test systems you are working on, I can provide the proper script and steps. Run “auditctl -v” to grab the audit version and cat /etc/os-release to see whether it is (Ubuntu, CentOS, RHEL, etc.).
For obvious reasons, if you don’t feel comfortable providing the OS, just let me know what version of Auditd it is using and I can provide a few options.
Thank you! I’m having issues on Ubuntu 22.04, RHEL 8 and RHEL 9
Appreciate the help