← Back to team overview

kernel-packages team mailing list archive

[Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel

 

Still present with 3.11.0.15.14.
(leaving out the apport-collect, sorry)

# dpkg -l linux-image-generic-lts-saucy
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                              Version                           Description
+++-=================================-=================================-==================================================================================
ii  linux-image-generic-lts-saucy     3.11.0.15.14                      Generic Linux kernel image
# uname -a
Linux alum 3.11.0-15-generic #23~precise1-Ubuntu SMP Tue Dec 10 16:39:48 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
# auditctl -l
No rules
# auditctl -a entry,always -F arch=b64 -S execve -k exec
Error sending add rule data request (Invalid argument)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1158500

Title:
  auditd fails to add rules when used in precise with -lts-quantal
  kernel

Status in “audit” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  auditctl fails to add rules when run with the -lts-quantal kernel

  Eample:
  # auditctl -l
  No rules
  # auditctl -a entry,always -F arch=b64 -S execve -k exec
  Error sending add rule data request (Invalid argument)
  #

  Looks like the syscall table needs updating, it works with the 3.2.0
  kernel.

  Tagging this as a security vulnerability because it fails fairly
  quietly and may lead to high security systems not having required
  auditing (like PCI compliant systems), I only noticed by looking in
  /var/log/boot.log.

  Description:	Ubuntu 12.04.2 LTS
  Release:	12.04

  ii  auditd                             1.7.18-1ubuntu1                    User space tools for security auditing
  ii  linux-image-generic-lts-quantal    3.5.0.26.33                        Generic Linux kernel image

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions