You are not logged in.

#1 2017-09-12 21:40:59

LnX_Archer
Member
Registered: 2017-09-06
Posts: 9

e4rat-lite won't generate a startup.log file

Hi!

I have been trying to speed up the boot of my newly installed arch laptop, by installing e4rat, following this guide. I have however run into some trouble, no startup.log is being created and the troubleshooting tips didn't help.
I have the exact same issue as in this old thread.

I set it up with grub, in the /etc/default/grub file, like so:

GRUB_CMDLINE_LINUX_DEFAULT="kernel /vmlinuz-linux root=/dev/disk/by-label/ARCH init=/sbin/e4rat-lite-collect ro 5 quiet"

Just like in the old thread I get these messages on boot:

Cannot open audit socket
Cannot disable audit socket
Cannot disable current pid

In the old thread there was no actual solution, that is why I am raising the issue again. They talked a bit about re-compiling the kernel with some audit settings, but I would like to avoid having to re-compile the kernel if possible. Any other solutions to this? Need any other logs/info?

Any help is appreciated, thanks!

Offline

#2 2017-09-12 21:49:01

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 23,007
Website

Re: e4rat-lite won't generate a startup.log file


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#3 2017-09-12 21:51:58

slithery
Member
Registered: 2013-12-01
Posts: 1,631

Re: e4rat-lite won't generate a startup.log file

Wiki wrote:

Probably you will need audit=1 to add to your kernel parameters.

Does this help?

Offline

#4 2017-09-12 21:53:03

LnX_Archer
Member
Registered: 2017-09-06
Posts: 9

Re: e4rat-lite won't generate a startup.log file

jasonwryan wrote:

Aww, man. That really needs to be more attention grabbing. My bad. I'll try that and get back to you.

Last edited by LnX_Archer (2017-09-13 21:35:17)

Offline

#5 2017-09-13 21:35:25

LnX_Archer
Member
Registered: 2017-09-06
Posts: 9

Re: e4rat-lite won't generate a startup.log file

Well, now I have rebuilt the kernel
I started by installing asp and using:

$ ASPROOT=. asp checkout linux

so I got the kernel, renamed it in PKGBUILD:

pkgbase=linux-audit

Then I compiled it with config.x86_64:

...
CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_FHANDLE=y
# CONFIG_USELIB is not set
CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
...

Then I pulled down audit:

$ ASPROOT=. asp checkout linux

and added staticlibs to the PKGBUILD options:

...
makedepends=('libldap' 'swig' 'linux-headers' 'python' 'python2')
license=('GPL')
options=('emptydirs' 'staticlibs')
backup=(
  etc/libaudit.conf
...

and compiled audit.

Then I installed the kernel with:

$ sudo pacman -U linux-audit-headers-4.12.12-1-x86_64.pkg.tar.xz 
$ sudo pacman -U linux-audit-4.12.12-1-x86_64.pkg.tar.xz 

and audit with:

sudo pacman -U audit-2.7.6-2-x86_64.pkg.tar.xz 

Then I edited my /etc/default/grub to:

...
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="kernel /vmlinuz-linux-audit root=/dev/disk/by-label/ARCH init=/sbin/e4rat-lite-collect audit=1"
GRUB_CMDLINE_LINUX=""
GRUB_FORCE_HIDDEN_MENU="true"
...

and ran

sudo grub-mkconfig -o /boot/grub/grub.cfg

I then rebooted and still got the same errors as before:

$ sudo dmesg | grep audit
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-linux-lts root=UUID=176e2a47-6e84-4da0-bdd2-310c3b27ac8a rw kernel /vmlinuz-linux-audit root=/dev/disk/by-label/ARCH init=/sbin/e4rat-lite-collect audit=1
[    0.000000] Kernel command line: BOOT_IMAGE=/vmlinuz-linux-lts root=UUID=176e2a47-6e84-4da0-bdd2-310c3b27ac8a rw kernel /vmlinuz-linux-audit root=/dev/disk/by-label/ARCH init=/sbin/e4rat-lite-collect audit=1
[    5.071161] [Logging] Cannot open audit socket
[    5.071329] [Logging] Cannot disable audit socket

What am I missing or doing wrong? My first time re-compiling the kernel and what not, so might be something trivial.

Any help is appriciated, thanks!

Last edited by LnX_Archer (2017-09-13 21:35:36)

Offline

#6 2017-09-14 23:25:48

LnX_Archer
Member
Registered: 2017-09-06
Posts: 9

Re: e4rat-lite won't generate a startup.log file

PROGRESS!!

After spending some time reading anything I could find on this, I came to the conclusion that I had done the kernel and audit compilations correctly. So it seemed that the grub set up must be off. Since I couldn't find anymore info on how to set it up, other than what I already had, I decided to install the grub customizer. Best decision ever. Input the settings and rebooted. Now the right kernel is used and auditd service is running properly.

The only thing left now is that the startup.log isn't being created by e4rat.
Even with verbosity and loglevel set to 31 in the config file, the only warning I get is when ending the collection:

$ dmesg | grep e4rat
[  201.835197] [Logging] Cannot read pid from file /dev/.e4rat-lite-collect.pid: No such file or directory

It seems to me that the e4rat-lite-collect process is never run, since there is no pid and nothing gets written to the startup.log. I have even changed the location to /var/log/e4rat-lite/startup.log (from /var/lib/e4rat-lite/startup.log) and "pre-created" the startup.log file.
Still nothing gets written to it. I have tried all the solutions in the startup.log is not created section, but nothing has helped.

For reference, here is my kernel params:

root=/dev/disk/by-label/ARCH init=/sbin/e4rat-lite-collect

and my e4rat-lite.config:

; e4rat-lite configuration file

[Global]
; Verbosity
verbose=31

; Loglevel
loglevel=31

; Path to the main initialization process
init_file=/usr/lib/systemd/systemd

; Default location for the boot log
startup_log_file=/var/log/e4rat-lite/startup.log

; ------------------

[Collect]

; Collect files only on ext4 devices [true/false]
ext4_only=false

; Ignore opened files (already running processes) [true/false]
exclude_open_files=false

; Time (in seconds) to wait before finalizing the collect
timeout=120

; ------------------

[Realloc]

; Defragmentation method [auto/pa/tld/locality_group]
defrag_mode=auto

Offline

#7 2017-09-18 19:07:07

LnX_Archer
Member
Registered: 2017-09-06
Posts: 9

Re: e4rat-lite won't generate a startup.log file

Some more information uncovered. This Gentoo thread seems to indicate that you also need to set up the initramfs properly or use a kernel without initramfs to get e4rat working.
Also asked my own question on gentoo to get some more info on this. Seems that the initramfs is my issue, since I have not made any config with the initramfs at all.

Unless someone here has some other information on this? Since the e4rat wikipage has no mention of initramfs at all.

If the initramfs indeed has to be configured for e4rat, then the e4rat wikipage needs to be updated with this information, since there is no mention of initramfs on the page and the standard arch kernel comes with initramfs.

Thoughts?

Any help is appreciated, thanks.

Offline

Board footer

Powered by FluxBB