group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1722313] Re: [SRU][xenial] Add "--with-audit" config option so that the hwclock command creates an audit record when the hardware clock is altered.

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: dann frazier <dann.frazier@xxxxxxxxxxxxx>
Date: Tue, 10 Oct 2017 15:48:00 -0000
Reply-to: Bug 1722313 <1722313@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: util-linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: util-linux (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: util-linux (Ubuntu Zesty)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1722313

Title:
  [SRU][xenial] Add "--with-audit" config option so that the hwclock
  command creates an audit record when the hardware clock is altered.

Status in util-linux package in Ubuntu:
  New
Status in util-linux source package in Xenial:
  New
Status in util-linux source package in Zesty:
  New
Status in util-linux source package in Artful:
  New
Status in util-linux package in Debian:
  Unknown

Bug description:
  [IMPACT]
  There is a requirement for Common Criteria EAL2 certification that changes to the system's hardware clock be audited/monitored. In Ubuntu the hwclock command can be used to alter the system's hardware clock. Thus this event needs to be audited for EAL2. The hwclock command within util-linux has the ability to create an audit event when the system's hardware clock is altered, but this ability is enabled via the --with-audit config option. This option is currently not enabled.

  Only the hwclock and the login commands within util-linux package use
  this --with-audit config option to enable auditing. However, it
  appears the login command is not built nor shipped in util-linux.
  Ubuntu uses the login command from shadow instead. Thus, only hwclock
  command would be affected by this change. The change would enable (1)
  call to audit_open to create a netlink socket descritor. (2) generate
  an audit entry when system hardware clock altered. The entry will be
  logged into the /var/log/audit/audit.log IF auditd is installed and
  running.

  [TEST]

  This has been tested on both P8 and amd64 architectures. With the
  patch all the Common Criteria testcases pass for hwclock. Before this
  patch, the functional part of the testcase passed, but the check for
  the triggered audit records would fail. Attached the Common Criteria
  testcase below.

  Also, the util-linux package has testcases that get run during the
  build. All of these pass. Pointer to build log below.

  [REGRESSION POTENTIAL]
  The regression potential for this should be small. This change does not take away from any current functionality. It just adds the ability to generate an audit entry when system hardware clock is altered.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions