Bug 1241634
Summary: | LOG_AUTH/LOG_AUTHPRIV should be supported facilities in audispd syslog plugin | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Christopher Cashell <topher-redhat> |
Component: | audit | Assignee: | Steve Grubb <sgrubb> |
Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.2 | CC: | lmiksik, omoris, pmoore, pvrabec, sgrubb, topher-redhat |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | 7.3 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | audit-2.6.1-1.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-04 06:12:20 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Christopher Cashell
2015-07-09 16:28:05 UTC
I think the merits of this request should have been discussed on the linux-audit mail list to see if anyone else has an opinion. (In reply to Steve Grubb from comment #2) > I think the merits of this request should have been discussed on the > linux-audit mail list to see if anyone else has an opinion. I wasn't trying to bypass anyone else's opinions. When I submitted this, I wasn't sure how or where to suggest this. I was setting up audit logging, realized that it wasn't accepting the facilities I expected, so I grabbed the source, patched mine to do what I needed, and threw this bug report up here with my (trivial) patch for it. If there is a mailing list where this can or should be discussed for possible inclusion, I'd be happy to send it there. I've installed my patched package on a bunch of internal servers to fit with our audit logging requirements, but I'd love to not have to maintain it. To confirm, linux-audit is where you would like it sent? Yes, that is the mail list. But ask it as a question if other people would like to have this capability. Thanks! If you are not subscribed, I can allow the post through without you needing to subscribe. This landed in the 2.5 release upstream. At this point its not likely to go into RHEL6. It will be in the next RHEL7 update. Moving this bz to RHEL7 for QE testing. Both LOG_AUTH and LOG_AUTHPRIV facilities are working but there is a minor issue remaining in the config file - none of the new facilities is mentioned there: # cat /etc/audisp/plugins.d/syslog.conf # This file controls the configuration of the syslog plugin. # It simply takes events and writes them to syslog. The # arguments provided can be the default priority that you # want the events written with. And optionally, you can give # a second argument indicating the facility that you want events # logged to. Valid options are LOG_LOCAL0 through 7. Fix in upstream commit 1329. Thanks Steve. Bug is now successfully reproduced and verified (TJ#1395546). Facilities LOG_USER, LOG_SYSLOG_ LOG_AUTH and LOG_AUTHPRIV are now supported by the plug-in. The only issues found is mentioned in Comment #10 and already resolved in upstream (Comment #11). In case of future respin in 7.3 errata, it would be good to include that commit. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2418.html |