touch-packages team mailing list archive

Thread
Date

[Bug 1414817] Re: [Ubuntu 15.04] Ubuntu should audit account modification events

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Steve Langasek <steve.langasek@xxxxxxxxxxxxx>
Date: Thu, 28 May 2015 16:39:50 -0000
Reply-to: Bug 1414817 <1414817@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: audit (Ubuntu)
Importance: Undecided => High

** Changed in: audit (Ubuntu)
Assignee: Taco Screen team (taco-screen-team) => Mathieu Trudel-Lapierre (mathieu-tl)

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to audit in Ubuntu.
https://bugs.launchpad.net/bugs/1414817

Title:
[Ubuntu 15.04] Ubuntu should audit account modification events

Status in audit package in Ubuntu:
New

Bug description:
Ubuntu should log user modification events to the system audit trail
(/var/log/audit/audit.log) but does not.

Steps to Verify:

- Install Ubuntu 14.04 on an x86_64 VM
- apt install auditd
- useradd testuser
- ausearch -i

Expected Results:

An audit record should be appended to the audit trail that indicates
testuser was added.

Actual Results:

An appropriate audit event was not appended to the audit trail. A
record is logged in /var/log/auth.log.

Discussion:

Auditable system events should be logged in the standard audit trail
via the Linux audit subsystem. Doing so provides a central location
where sysadmins can monitor security events. The Linux audit subsystem
can be used to meet Common Criteria and compliance hardening standards
requirements. OSPP v2.0
[https://www.commoncriteriaportal.org/files/ppfiles/pp0067b_pdf.pdf]
should provide a good reference for commonly logged audit events and
other audit requirements.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1414817/+subscriptions