Skip to content

kauditd hold queue overflow after hardening with hipaa profile #14565

Open
Open
kauditd hold queue overflow after hardening with hipaa profile#14565
Labels
RHEL10Red Hat Enterprise Linux 10 product related.RHEL9Red Hat Enterprise Linux 9 product related.productization-issueIssue found in upstream stabilization process.triaged
@matusmarhefka

Description

@matusmarhefka
matusmarhefka
opened on Mar 12, 2026

Description of problem:

After system is hardened with hipaa profile and rebooted, journal contains error (kauditd hold queue overflow) which indicates that kernel's internal buffer for storing audit events has filled up.

SCAP Security Guide Version:

master

Operating System Version:

RHEL 9, RHEL 10

Steps to Reproduce:

  1. Run /scanning/boot-errors/hipaa test.

Actual Results:

kernel: audit: kauditd hold queue overflow

Expected Results:

No failure after hardening.

Metadata

Metadata

Assignees

No one assigned

    Labels

    RHEL10Red Hat Enterprise Linux 10 product related.RHEL9Red Hat Enterprise Linux 9 product related.productization-issueIssue found in upstream stabilization process.triaged

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions