← Back to team overview

kernel-packages team mailing list archive

[Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel


Am I missing something or the current workaround is to use exit,always

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  auditd fails to add rules when used in precise with -lts-quantal

Status in audit package in Ubuntu:
  In Progress
Status in linux package in Ubuntu:

Bug description:
  auditctl fails to add rules when run with the -lts-quantal kernel

  # auditctl -l
  No rules
  # auditctl -a entry,always -F arch=b64 -S execve -k exec
  Error sending add rule data request (Invalid argument)

  Looks like the syscall table needs updating, it works with the 3.2.0

  Tagging this as a security vulnerability because it fails fairly
  quietly and may lead to high security systems not having required
  auditing (like PCI compliant systems), I only noticed by looking in

  Description:	Ubuntu 12.04.2 LTS
  Release:	12.04

  ii  auditd                             1.7.18-1ubuntu1                    User space tools for security auditing
  ii  linux-image-generic-lts-quantal                        Generic Linux kernel image

To manage notifications about this bug go to: