Edwin GroothuisCustomer complained that two of his systems were shutting down at random times. Not hang, not halt, just shutdown nicely. Hardware was replaced once already (not my call, before I was involved).
First thing I checked, /var/log/messages. Lots of stack traces, but at other times. "Linux version", yups, it was shutdown nicely.
Then I saw these two innocent lines:
2025-11-28T04:34:27 localhost auditd: Audit daemon is low on disk space for logging
2025-11-28T04:34:28 localhost auditd: The audit daemon is now halting the system
I knew that the machines were running auditd, but I had never looked further than that as it was non-enforcing. Checking auditd.conf, it says:
admin_space_left_action = halt
I checked this file from many other systems, and they're all set to "email" instead of "halt", except for the latest release of software.
And that is how I found out that PD had implemented the CIS Linux Benchmark Security Recommendations!
As usual: "We didn't think that it would cause any problems."
Habr
vPierre
winnie, the disassembling bear
Hilko Bengen