desktop-packages team mailing list archive

Thread
Date
[Bug 1478087] Re: Add libaudit support

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Steve Langasek <steve.langasek@xxxxxxxxxxxxx>
Date: Wed, 27 Jan 2016 01:32:32 -0000
Reply-to: Bug 1478087 <1478087@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Hello bugproxy, or anyone else affected,

Accepted openssh into trusty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.6 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: openssh (Ubuntu Trusty)
       Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1478087

Title:
  Add libaudit support

Status in Light Display Manager:
  Fix Released
Status in Light Display Manager 1.10 series:
  Fix Committed
Status in Light Display Manager 1.14 series:
  Fix Released
Status in Light Display Manager 1.16 series:
  Fix Released
Status in Light Display Manager 1.2 series:
  Won't Fix
Status in audit package in Ubuntu:
  Invalid
Status in lightdm package in Ubuntu:
  Fix Released
Status in openssh package in Ubuntu:
  Fix Released
Status in shadow package in Ubuntu:
  Fix Released
Status in lightdm source package in Trusty:
  Triaged
Status in openssh source package in Trusty:
  Fix Committed
Status in shadow source package in Trusty:
  Fix Committed
Status in lightdm source package in Vivid:
  Triaged
Status in openssh source package in Vivid:
  Triaged
Status in shadow source package in Vivid:
  Triaged
Status in lightdm source package in Wily:
  Fix Released
Status in openssh source package in Wily:
  Fix Released
Status in shadow source package in Wily:
  Fix Released

Bug description:
  [Impact]
  Auditing support is a commonly used feature in large enterprises, and allows better tracking of actions happening on secured systems, especially when it comes to accounting for login events.

  Such systems fail to correctly list login events in aureport due to
  some software not integrating libaudit.

  [Test Case]
  1) Install auditd
  2) Login to the system multiple times (or allow for others to connect to the system)
  3) Run aureport -l

  System should list login information.

  [Regression Potential]
  There is minimal risk for issues since libaudit support only allows for generating extra logging saved on the local system. A possible side-effect of this may be that systems on which auditing is enabled and where there are many users of the affected software (see bug tasks), such as many logins over SSH, there may be an increased demand on disk space necessary for the auditing data.

  ---

  -- Problem Description --
  We installed ubuntu 14.04.3 on lakelp1 and installed package auditd. We tried to
  ssh to lakelp1 several times and found that "aureport -l" couldn't print out the login
  info.

  root@lakelp1:~# /etc/init.d/auditd status
   * auditd is running.

  root@lakelp1:~# auditctl -e 1
  AUDIT_STATUS: enabled=1 flag=1 pid=38784 rate_limit=0 backlog_limit=320 lost=12 backlog=1

  root@lakelp1:~# grep -i login /var/log/audit/audit.log
  type=LOGIN msg=audit(1437641256.987:67): pid=11752 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=4 res=1
  type=LOGIN msg=audit(1437642646.478:85): pid=44269 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=5 res=1
  type=LOGIN msg=audit(1437642700.295:90): pid=21504 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=6 res=1
  type=LOGIN msg=audit(1437642765.339:104): pid=16628 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=7 res=1
  type=LOGIN msg=audit(1437644638.593:130): pid=44443 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=8 res=1

  root@lakelp1:~# aureport -l

  Login Report
  ============================================
  # date time auid host term exe success event
  ============================================
  <no events of interest were found>

  This looks like a bug in aureport or libaudit. In addition to giving
  admins falsely empty record selections, this would prevent successful
  completion of a Common Criteria certification.

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1478087/+subscriptions