desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #134300
[Bug 1478087] Re: ISST-LTE: aureport -l couldn't print out login info on ubuntu 14.04.3
I've created an upstream lightdm merge request to add login and logout
auditing support:
https://code.launchpad.net/~tyhicks/lightdm/auditing/+merge/269828
I've also submitted the (simple) changes needed in the openssh package
to Debian since Colin keeps the Debian and Ubuntu openssh package in
sync:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797727
** Bug watch added: Debian Bug tracker #797727
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797727
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1478087
Title:
ISST-LTE: aureport -l couldn't print out login info on ubuntu 14.04.3
Status in audit package in Ubuntu:
New
Status in lightdm package in Ubuntu:
New
Status in openssh package in Ubuntu:
New
Status in shadow package in Ubuntu:
New
Bug description:
-- Problem Description --
We installed ubuntu 14.04.3 on lakelp1 and installed package auditd. We tried to
ssh to lakelp1 several times and found that "aureport -l" couldn't print out the login
info.
root@lakelp1:~# /etc/init.d/auditd status
* auditd is running.
root@lakelp1:~# auditctl -e 1
AUDIT_STATUS: enabled=1 flag=1 pid=38784 rate_limit=0 backlog_limit=320 lost=12 backlog=1
root@lakelp1:~# grep -i login /var/log/audit/audit.log
type=LOGIN msg=audit(1437641256.987:67): pid=11752 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=4 res=1
type=LOGIN msg=audit(1437642646.478:85): pid=44269 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=5 res=1
type=LOGIN msg=audit(1437642700.295:90): pid=21504 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=6 res=1
type=LOGIN msg=audit(1437642765.339:104): pid=16628 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=7 res=1
type=LOGIN msg=audit(1437644638.593:130): pid=44443 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=8 res=1
root@lakelp1:~# aureport -l
Login Report
============================================
# date time auid host term exe success event
============================================
<no events of interest were found>
This looks like a bug in aureport or libaudit. In addition to giving
admins falsely empty record selections, this would prevent successful
completion of a Common Criteria certification.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1478087/+subscriptions