The audit lines in systemd journal are independent. auditd wasn’t installed on Whonix-Workstation. Only on Whonix-Gateway. Was only a Depends: in anon-gw-anonymizer-config. No other mentions of it in Whonix source code anywhere. Was only installed to debug ⚓ T537 monitor what changes /var/lib/tor/lock access rights. Since that issue doesn’t happen anymore. rip out that debugging code since causing issues (A start job is running for security auditing service - #3 by Patrick). I am confident we won’t notice a difference.
1 Like