Cannot login after running up2date
Problem:
Some time after running up2date, it becomes impossible to log in, either from the console or via ssh.
Details:
This problem is caused by a change made in the auditd configuration file provided in the laus-0.1-70RHEL3 package. If auditd is running and there is less than 20% freespace on the partition containing /var/log, then it will not be possible to log into the system in the normal way. This problem is detailed in the RedHat bugzilla report:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158591
Solution:
Boot the computer into single user mode. This will allow access to the system without starting the auditd daemon. To boot into single user mode, append the word single the kernel command line. With the grub bootloader, this is done by highlighting the desired boot entry and pressing the e key to edit it.
Once the system is booted, there are several options:
If the audit functionality is not being used, the daemon can simple be disabled:
# /sbin/chkconfig auditd off
Free up sufficient space on the partition containing /var/log so that > 20% of the partition is empty. Keep in mind that if the free space drops below 20% again in the future, logins will be disabled.
After freeing up space, make the following change to /etc/audit/audit.conf:
Replace:
notify = "/usr/sbin/audbin -S /var/log/audit.d/save.%u -C -T 20%";
With:
notify = "/usr/sbin/audbin -S /var/log/audit.d/save.%u -C -T 20% -N 'rm -f %f'";
This will cause the audit daemon to delete the oldest audit logs when the free space drops below 20%.