Patch Name: PHCO_20053 Patch Description: s700_800 10.24 (VVOS) audit cumulative patch Creation Date: 99/10/27 Post Date: 99/11/08 Hardware Platforms - OS Releases: s700: 10.24 s800: 10.24 Products: N/A Filesets: VirtualVaultOS.VVOS-AUX-AUDIT VirtualVaultOS.VVSAUD-ENG-A-MAN VirtualVaultOS.VVOS-AUX-IA Automatic Reboot?: Yes Status: General Release Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHCO_20053 Symptoms: PHCO_20053: 1. When an alarm is created in VirtualVault for high frequency event such as the "Set policy label" event, and notification action logging is configured for this alarm, the notificaton log may contain interspersed audit records. 2. When an alarm is triggered for a high frequency event, the alarm record passed to the notification events can contain garbage strings. PHCO_19674: When an alarm is created in VirtualVault for the "Set policy label" event, and a notification action command is configured for this alarm, intermittently the alarm record passed to the command may contain a line with garbage rather than the proper output. PHCO_13770: The system panics when the filesystem is full and the system is shutdown. PHCO_11132: Reduce and alarmd do not support localization, a feature required by current customers. PHSS_10501: Under certain circumstances, reduce and alarmd can terminate abnormally when processing large audit records. PHCO_10479: The audit daemon creates invalid compaction files when processing very large audit records. PHCO_10375: The system will hang when auditing is enabled and the system load is heavy. Defect Description: PHCO_20053: 1. There is a problem with the way alarms are written to a notification log. There is no synchronization between the many writers. The fix is to lock the notification log before writing. 2. There is also a problem with the synchronization of the alarm message catalog. The children of alarmd are accessing the same file descriptor and they can potentially write on top of each other. PHCO_19674: Calls to the message library routines are nested in such a way as to cause garbled output during the formating of certain error messages. PHCO_13770: If auditd is configured to shutdown the machine when no space is available for audit data, it panics the system instead of gracefully shutting down the machine when there is not filespace left. mkaud has a new -o option that displays the contents of the /tcb/files/audit/audit_parms file. PHCO_11132: This patch allows auditcmd/reduce/alarmd to retrieve their messages out of message catalogs and process multibyte characters. PHSS_10501: Large audit records submitted by privileged programs can result in reduce reporting a potential compression buffer overflow before abnormally terminating. The compression buffer is dynamically allocated and not in the process's stack. PHCO_10479: The audit daemon creates invalid compaction files when processing very large audit records. PHCO_10375: The auditd program loops when the system is under a heavy load. The problem occurs when audit files are switched. SR: 4701349159 4701354761 4701359273 4701359281 4701348854 4701350579 4701349159 5003397893 8606102669 8606106040 Patch Files: /usr/bin/auditcmd /tcb/bin/auditcmd /usr/bin/reduce /tcb/bin/reduce /tcb/bin/alarmd /tcb/bin/auditd /tcb/bin/mkaud /tcb/files/auditrc /usr/lib/nls/msg/C/reduce.cat /usr/lib/nls/msg/C/auditcmd.cat /etc/auth/system/files.fcdb/05.patches/PHCO11132.fcdb /usr/share/man/man1m.Z/auditd.1m /usr/share/man/man1m.Z/mkaud.1m /usr/share/man/man1m.Z/reduce.1m /usr/share/man/man1m.Z/alarmd.1m /usr/share/man/man1m.Z/auditcmd.1m what(1) Output: /tcb/bin/auditd: $Revision: Hewlett-Packard ISSL Level vvos_davis40 $ $Header: Hewlett-Packard ISSL Release vvos_ davis $ $Date: Tue Oct 12 10:05:11 EDT 1999 $ Source: seccmd/auditd.c, cmdsaudit, vvos_davis, davi s156 $Date: 99/10/12 09:54:22 $ $Revision: 1 .27.1.6 PATCH_10.24 (PHCO_13770) $ lib/libsecurity/identity.c, libsecurity_util, vvos_d avis, davis156 $Date: 99/10/12 09:54:13 $ $R evision: 1.8 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/mandlib.c, libsecurity_macilb, vvos_ davis, davis156 $Date: 99/10/12 09:54:15 $ $ Revision: 1.17 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/privileges.c, libsecurity_util, vvos _davis, davis156 $Date: 99/10/12 09:54:16 $ $Revision: 1.1.1.12 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/psecerror.c, libsecurity_util, vvos_ davis, davis156 $Date: 99/10/12 09:54:16 $ $ Revision: 1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/subsystems.c, libsecurity_util, vvos _davis, davis156 $Date: 99/10/12 09:54:20 $ $Revision: 1.10.1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/compress.c, libsecurity_audit, vvos_ davis, davis156 $Date: 99/10/12 09:54:09 $ $ Revision: 1.6 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/vendor.c, libsecurity, vvos_davis, d avis156 $Date: 99/10/12 09:56:00 $ $Revision : 1.9 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_conf.c, libsecurity_util, vvos_d avis, davis156 $Date: 99/10/12 09:57:13 $ $R evision: 1.5 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/discr.c, libsecurity_util, vvos_davi s, davis156 $Date: 99/10/12 09:54:10 $ $Revi sion: 1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/authaudit.c, libsecurity_audit, vvos _davis, davis156 $Date: 99/10/12 09:54:08 $ $Revision: 1.21 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_errlst.c, libsecurity_util, vvos _davis, davis156 $Date: 99/10/12 09:54:17 $ $Revision: 1.8 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_nls.c, libsecurity, vvos_davis, davis156 $Date: 99/10/12 10:00:30 $ $Revisio n: 1.1.1.4 PATCH_10.24 (PHCO_12734) $ lib/libsecurity/acllib.c, libsecurity_acl, vvos_davi s, davis156 $Date: 99/10/12 09:54:07 $ $Revi sion: 1.2.3.2 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/auditdb.c, libsecurity_audit, vvos_d avis, davis156 $Date: 99/10/12 09:56:31 $ $R evision: 1.15 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fields.c, libsecurity_ia, vvos_davis , davis156 $Date: 99/10/12 09:54:10 $ $Revis ion: 1.10 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fileattr.c, libsecurity_fs, vvos_dav is, davis156 $Date: 99/10/12 09:59:10 $ $Rev ision: 1.9 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getdvagent.c, libsecurity_ia, vvos_d avis, davis156 $Date: 99/10/12 09:54:11 $ $R evision: 1.14 PATCH_10.24 (PHCO_11251) $ Internal_Unsupported_Version libc.a_ID@@/main/r10dav /libc_dav/15 /ux/libc/libs/libc/archive_pa1/libc.a_ID Oct 12 1999 12:32:13 /tcb/bin/mkaud: $Revision: Hewlett-Packard ISSL Level vvos_davis40 $ $Header: Hewlett-Packard ISSL Release vvos_ davis $ $Date: Tue Oct 12 10:05:11 EDT 1999 $ $Source: seccmd/mkaud.c, cmdsaudit, vvos_davis, davi s156 $ $Date: 99/10/12 09:54:25 $ $Revision: 1.22.1.2 PATCH_10.24 (PHSS_13770) $ lib/libsecurity/discr.c, libsecurity_util, vvos_davi s, davis156 $Date: 99/10/12 09:54:10 $ $Revi sion: 1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/identity.c, libsecurity_util, vvos_d avis, davis156 $Date: 99/10/12 09:54:13 $ $R evision: 1.8 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/mandlib.c, libsecurity_macilb, vvos_ davis, davis156 $Date: 99/10/12 09:54:15 $ $ Revision: 1.17 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/privileges.c, libsecurity_util, vvos _davis, davis156 $Date: 99/10/12 09:54:16 $ $Revision: 1.1.1.12 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/subsystems.c, libsecurity_util, vvos _davis, davis156 $Date: 99/10/12 09:54:20 $ $Revision: 1.10.1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_conf.c, libsecurity_util, vvos_d avis, davis156 $Date: 99/10/12 09:57:13 $ $R evision: 1.5 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/authaudit.c, libsecurity_audit, vvos _davis, davis156 $Date: 99/10/12 09:54:08 $ $Revision: 1.21 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_nls.c, libsecurity, vvos_davis, davis156 $Date: 99/10/12 10:00:30 $ $Revisio n: 1.1.1.4 PATCH_10.24 (PHCO_12734) $ lib/libsecurity/acllib.c, libsecurity_acl, vvos_davi s, davis156 $Date: 99/10/12 09:54:07 $ $Revi sion: 1.2.3.2 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/auditdb.c, libsecurity_audit, vvos_d avis, davis156 $Date: 99/10/12 09:56:31 $ $R evision: 1.15 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fields.c, libsecurity_ia, vvos_davis , davis156 $Date: 99/10/12 09:54:10 $ $Revis ion: 1.10 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fileattr.c, libsecurity_fs, vvos_dav is, davis156 $Date: 99/10/12 09:59:10 $ $Rev ision: 1.9 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getdvagent.c, libsecurity_ia, vvos_d avis, davis156 $Date: 99/10/12 09:54:11 $ $R evision: 1.14 PATCH_10.24 (PHCO_11251) $ Internal_Unsupported_Version libc.a_ID@@/main/r10dav /libc_dav/15 /ux/libc/libs/libc/archive_pa1/libc.a_ID Oct 12 1999 12:32:13 /tcb/bin/auditcmd: $Revision: Hewlett-Packard ISSL Level vvos_davis40 $ $Header: Hewlett-Packard ISSL Release vvos_ davis $ $Date: Tue Oct 12 10:05:11 EDT 1999 $ seccmd/auditcmd.c, cmdsaudit, vvos_davis, davis156 $ Date: 99/10/12 09:54:22 $ $Revision: 1.14.3. 4 PATCH_10.24 (PHCO_11132) $ lib/libsecurity/getprdfent.c, libsecurity_ia, vvos_d avis, davis156 $Date: 99/10/12 09:54:11 $ $R evision: 1.6.1.4 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/identity.c, libsecurity_util, vvos_d avis, davis156 $Date: 99/10/12 09:54:13 $ $R evision: 1.8 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/mandlib.c, libsecurity_macilb, vvos_ davis, davis156 $Date: 99/10/12 09:54:15 $ $ Revision: 1.17 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/privileges.c, libsecurity_util, vvos _davis, davis156 $Date: 99/10/12 09:54:16 $ $Revision: 1.1.1.12 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/psecerror.c, libsecurity_util, vvos_ davis, davis156 $Date: 99/10/12 09:54:16 $ $ Revision: 1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/subsystems.c, libsecurity_util, vvos _davis, davis156 $Date: 99/10/12 09:54:20 $ $Revision: 1.10.1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_nls.c, libsecurity, vvos_davis, davis156 $Date: 99/10/12 10:00:30 $ $Revisio n: 1.1.1.4 PATCH_10.24 (PHCO_12734) $ lib/libsecurity/auditdb.c, libsecurity_audit, vvos_d avis, davis156 $Date: 99/10/12 09:56:31 $ $R evision: 1.15 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/discr.c, libsecurity_util, vvos_davi s, davis156 $Date: 99/10/12 09:54:10 $ $Revi sion: 1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fields.c, libsecurity_ia, vvos_davis , davis156 $Date: 99/10/12 09:54:10 $ $Revis ion: 1.10 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getprpwent.c, libsecurity_ia, vvos_d avis, davis156 $Date: 99/10/12 09:54:12 $ $R evision: 1.9.2.2 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getprtcent.c, libsecurity_ia, vvos_d avis, davis156 $Date: 99/10/12 09:54:12 $ $R evision: 1.9 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/authaudit.c, libsecurity_audit, vvos _davis, davis156 $Date: 99/10/12 09:54:08 $ $Revision: 1.21 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_conf.c, libsecurity_util, vvos_d avis, davis156 $Date: 99/10/12 09:57:13 $ $R evision: 1.5 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_errlst.c, libsecurity_util, vvos _davis, davis156 $Date: 99/10/12 09:54:17 $ $Revision: 1.8 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/acllib.c, libsecurity_acl, vvos_davi s, davis156 $Date: 99/10/12 09:54:07 $ $Revi sion: 1.2.3.2 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getdvagent.c, libsecurity_ia, vvos_d avis, davis156 $Date: 99/10/12 09:54:11 $ $R evision: 1.14 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fileattr.c, libsecurity_fs, vvos_dav is, davis156 $Date: 99/10/12 09:59:10 $ $Rev ision: 1.9 PATCH_10.24 (PHCO_11251) $ Internal_Unsupported_Version libc.a_ID@@/main/r10dav /libc_dav/15 /ux/libc/libs/libc/archive_pa1/libc.a_ID Oct 12 1999 12:32:13 /tcb/bin/reduce: $Revision: Hewlett-Packard ISSL Level vvos_davis40 $ $Header: Hewlett-Packard ISSL Release vvos_ davis $ $Date: Tue Oct 12 10:05:11 EDT 1999 $ seccmd/reduce.c, cmdsaudit, vvos_davis, davis157 $Da te: 99/10/12 10:03:33 $ $Revision: 1.72 PATC H_10.24 (PHCO_20053) $ lib/libsecalarm/app_event.c, libsecalarm, vvos_davis , davis156 $Date: 99/10/12 09:59:28 $ $Revis ion: 1.2.1.7 PATCH_10.24 (PHCO_11954) $ lib/libsecurity/acllib.c, libsecurity_acl, vvos_davi s, davis156 $Date: 99/10/12 09:54:07 $ $Revi sion: 1.2.3.2 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fields.c, libsecurity_ia, vvos_davis , davis156 $Date: 99/10/12 09:54:10 $ $Revis ion: 1.10 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/identity.c, libsecurity_util, vvos_d avis, davis156 $Date: 99/10/12 09:54:13 $ $R evision: 1.8 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/mandlib.c, libsecurity_macilb, vvos_ davis, davis156 $Date: 99/10/12 09:54:15 $ $ Revision: 1.17 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/printbuf.c, libsecurity_util, vvos_d avis, davis156 $Date: 99/10/12 09:54:16 $ $R evision: 1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/privileges.c, libsecurity_util, vvos _davis, davis156 $Date: 99/10/12 09:54:16 $ $Revision: 1.1.1.12 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/subsystems.c, libsecurity_util, vvos _davis, davis156 $Date: 99/10/12 09:54:20 $ $Revision: 1.10.1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_conf.c, libsecurity_util, vvos_d avis, davis156 $Date: 99/10/12 09:57:13 $ $R evision: 1.5 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_nls.c, libsecurity, vvos_davis, davis156 $Date: 99/10/12 10:00:30 $ $Revisio n: 1.1.1.4 PATCH_10.24 (PHCO_12734) $ lib/libsecurity/discr.c, libsecurity_util, vvos_davi s, davis156 $Date: 99/10/12 09:54:10 $ $Revi sion: 1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getdvagent.c, libsecurity_ia, vvos_d avis, davis156 $Date: 99/10/12 09:54:11 $ $R evision: 1.14 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/authaudit.c, libsecurity_audit, vvos _davis, davis156 $Date: 99/10/12 09:54:08 $ $Revision: 1.21 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/auditdb.c, libsecurity_audit, vvos_d avis, davis156 $Date: 99/10/12 09:56:31 $ $R evision: 1.15 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fileattr.c, libsecurity_fs, vvos_dav is, davis156 $Date: 99/10/12 09:59:10 $ $Rev ision: 1.9 PATCH_10.24 (PHCO_11251) $ Internal_Unsupported_Version libc.a_ID@@/main/r10dav /libc_dav/15 /ux/libc/libs/libc/archive_pa1/libc.a_ID Oct 12 1999 12:32:13 /tcb/bin/alarmd: $Revision: Hewlett-Packard ISSL Level vvos_davis40 $ $Header: Hewlett-Packard ISSL Release vvos_ davis $ $Date: Tue Oct 12 10:05:11 EDT 1999 $ seccmd/reduce.c, cmdsaudit, vvos_davis, davis157 $Da te: 99/10/12 10:03:33 $ $Revision: 1.72 PATC H_10.24 (PHCO_20053) $ seccmd/alarm.c, cmdsaudit, vvos_davis, davis157 $Dat e: 99/10/12 10:03:31 $ $Revision: 1.22.1.7 P ATCH_10.24 (PHCO_20053) $ /tcb/files/auditrc: $Revision: Hewlett-Packard ISSL 1.3.2.6 tcb/files/au ditrc, files_tcb, vvos_davis, davis156 $ $Da te: 98/01/28 15:23:29 $ $Source: tcb/files/auditrc, files_tcb, vvos_davis, d avis156 $ $Date: 99/10/12 09:54:43 $ $Revisi on: 1.3.2.6 PATCH_10.24 (PHSS_13770) $ /usr/bin/auditcmd: $Revision: Hewlett-Packard ISSL Level vvos_davis40 $ $Header: Hewlett-Packard ISSL Release vvos_ davis $ $Date: Tue Oct 12 10:05:11 EDT 1999 $ seccmd/auditcmd.c, cmdsaudit, vvos_davis, davis156 $ Date: 99/10/12 09:54:22 $ $Revision: 1.14.3. 4 PATCH_10.24 (PHCO_11132) $ /usr/bin/reduce: $Revision: Hewlett-Packard ISSL Level vvos_davis40 $ $Header: Hewlett-Packard ISSL Release vvos_ davis $ $Date: Tue Oct 12 10:05:11 EDT 1999 $ seccmd/reduce.c, cmdsaudit, vvos_davis, davis157 $Da te: 99/10/12 10:03:33 $ $Revision: 1.72 PATC H_10.24 (PHCO_20053) $ /usr/lib/nls/msg/C/reduce.cat: None /usr/lib/nls/msg/C/auditcmd.cat: None /usr/share/man/man1m.Z/reduce.1m: None /usr/share/man/man1m.Z/alarmd.1m: None /usr/share/man/man1m.Z/auditcmd.1m: None /usr/share/man/man1m.Z/auditd.1m: None /usr/share/man/man1m.Z/mkaud.1m: None /etc/auth/system/files.fcdb/05.patches/PHCO11132.fcdb: $Revision: Hewlett-Packard ISSL 1.3 etc/auth/system/ files.fcdb/05.patches/PHCO11132.fcdb, files_ etc, vvos_davis, davis156 $ $Date: 97/08/20 17:03:44 $ etc/auth/system/files.fcdb/05.patches/PHCO11132.fcdb , files_etc, vvos_davis, davis156 $Date: 99/ 10/12 10:00:36 $ $Revision: 1.3 PATCH_10.24 (PHCO_11132) $ cksum(1) Output: 1629701119 462848 /tcb/bin/auditd 3234717159 446464 /tcb/bin/mkaud 2647216694 458752 /tcb/bin/auditcmd 1514432654 544768 /tcb/bin/reduce 1332218392 118784 /tcb/bin/alarmd 2116461937 2642 /tcb/files/auditrc 635487559 20480 /usr/bin/auditcmd 3833481780 102400 /usr/bin/reduce 839177978 27146 /usr/lib/nls/msg/C/reduce.cat 2848346439 1773 /usr/lib/nls/msg/C/auditcmd.cat 2491255109 5671 /usr/share/man/man1m.Z/reduce.1m 263537385 3572 /usr/share/man/man1m.Z/alarmd.1m 1853180505 3275 /usr/share/man/man1m.Z/auditcmd.1m 4077912268 4502 /usr/share/man/man1m.Z/auditd.1m 1356354018 3610 /usr/share/man/man1m.Z/mkaud.1m 599082701 1820 /etc/auth/system/files.fcdb/05.patches/ PHCO11132.fcdb Patch Conflicts: None Patch Dependencies: s700: 10.24: PHCO_11251 PHCO_11954 s800: 10.24: PHCO_11251 PHCO_11954 Hardware Dependencies: None Other Dependencies: None Supersedes: PHCO_10375 PHCO_10479 PHSS_10501 PHCO_11132 PHCO_13770 PHCO_19674 Equivalent Patches: None Patch Package Size: 2240 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHCO_20053 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHCO_20053.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHCO_20053. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHCO_20053.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHCO_20053.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: If this patch is installed in conjunction with a new VirtualVault 2.0 installation, this patch must be applied after the installation of the VirtualVault software. If this patch is not installed after the VirtualVault software has been loaded, the commands reduce, alarmd, and auditcmd will not be the latest version and the functionality of this patch will be lost. At boot time, the audit daemon must have space available for a minimum of two compaction files in the root filesystem, even if auditing is not enabled. If the space is not available at that time, a shell is brought up so that the system administrator can create the required space. The system cannot continue booting until the required space is available in the root filesystem. When switching to an alternate (multi-user) directory or automatically rolling an audit session to an alternate directory, the requirement for space for a minimum of two compaction files also applies to the alternate filesystem. Without the available space on the alternate filesystem, auditd either shuts down auditing or shuts down the entire system, depending on administrator defined parameters.