Bug 165610

Summary: Debug output in console
Product: [Fedora] Fedora
Component: audit
Version: 4
Hardware: All
OS: Linux
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Reporter: Mephisto <mephisto>
Assignee: Steve Grubb <sgrubb>
QA Contact: Brian Brock <bbrock>
CC: dwmw2
Doc Type: Bug Fix
Last Closed: 2005-08-17 14:04:49 UTC

Description Mephisto 2005-08-10 19:17:17 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b3) Gecko/20050729 Fedora/1.1-0.2.5.deerpark.alpha2 Firefox/1.0+

Description of problem:
Ever since an audit-libs update a few months ago I've been seeing debug output on the console whenever I log in or right after boot. I was expecting this to be fixed soon, since it's pretty annoying and obvious (I've also seen this on my brother's computer after I upgraded it from FC3 to FC4, so it's not just my box), but since it doesn't seem likely that it's gonna be fixed soon (it's been there since at least the release of FC4), I'll just file it as a bug report...
Below I've attached some text of what I see on the first console after I have booted my computer and logged in.

Version-Release number of selected component (if applicable):
audit-libs-1.0.2-1.FC4

How reproducible:
Always

Steps to Reproduce:
1. boot a computer running FC4
2. log in
  

Actual Results:  something that looks like debug output is displayed on the console

Expected Results:  there should not have been debug output on the console

Additional info:

Fedora Core release 4 (Stentz)
Kernel 2.6.12.4-fbs on an i686

chii login: audit(1123700534.284:0): user pid=2163 uid=0 length=144
loginuid=4294967295 msg='PAM bad_ident: user=? exe="/usr/bin/gdm-binary"
(hostname=?, addr=?, terminal=? result=User not known to the underlying
authentication module)'
mephisto
Password:
audit(1123700866.235:0): user pid=1954 uid=0 length=104 loginuid=4294967295
msg='PAM authentication: user=mephisto exe="/bin/login" (hostname=?, addr=?,
terminal=tty1 result=Success)'
audit(1123700866.235:0): user pid=1954 uid=0 length=100 loginuid=4294967295
msg='PAM accounting: user=mephisto exe="/bin/login" (hostname=?, addr=?,
terminal=tty1 result=Success)'
audit(1123700866.236:0): user pid=1954 uid=0 length=100 loginuid=4294967295
msg='PAM session open: user=mephisto exe="/bin/login" (hostname=?, addr=?,
terminal=tty1 result=Success)'
audit(1123700866.237:0): user pid=1954 uid=0 length=96 loginuid=4294967295
msg='PAM setcred: user=mephisto exe="/bin/login" (hostname=?, addr=?,
terminal=tty1 result=Success)'
Last login: Wed Aug 10 21:02:21 on :0
[mephisto@chii ~]$ su -
Password:
audit(1123700880.060:0): user pid=2493 uid=500 length=96 loginuid=4294967295
msg='PAM authentication: user=root exe="/bin/su" (hostname=?, addr=?,
terminal=tty1 result=Success)'
audit(1123700880.060:0): user pid=2493 uid=500 length=92 loginuid=4294967295
msg='PAM accounting: user=root exe="/bin/su"
(hostname=?, addr=?, terminal=tty1 result=Success)'
audit(1123700880.061:0): user pid=2493 uid=500 length=96 loginuid=4294967295
msg='PAM session open: user=root exe="/bin/su" (hostname=?, addr=?,
terminal=tty1 result=Success)'
audit(1123700880.061:0): user pid=2493 uid=500 length=88 loginuid=4294967295
msg='PAM setcred: user=root exe="/bin/su" (hostname=?, addr=?, terminal=tty1
result=Success)'
[root@chii ~]#

Comment 1 Steve Grubb 2005-08-10 19:21:56 UTC
This sounds like a kernel problem that might have been fixed. What kernel are
you using? Do you have the audit daemon running?

Comment 2 Mephisto 2005-08-10 19:51:04 UTC
I'm using a custom kernel, but the kernel wasn't the problem here. I didn't have
the audit daemon installed. The problem went away after installing the audit
package (I only had the libs) and starting the daemon. Seems like it was just a
dependency problem in the package then, 'cause the daemon doesn't get installed
after an FC3->FC4 upgrade.


Comment 3 Steve Grubb 2005-08-10 21:12:22 UTC
There is no dependency problem. The messages on the console stem from a kernel
bug that may not have been patched. Installing the audit daemon was a temporary
workaround that I was going to suggest.

Comment 4 Mephisto 2005-08-10 21:19:33 UTC
What patch do I need to apply to my kernel to solve this problem? I'm using
2.6.12.4. And is that patch still necessary with the 2.6.13 series?

Comment 5 Steve Grubb 2005-08-10 21:27:46 UTC
Most likely, kernel/audit.c, audit_receive_msg(), sb:

        case AUDIT_USER:
        case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
                if (!audit_enabled && msg_type != AUDIT_USER_AVC)
                        return 0;


I don't know if this is upstream yet.

Comment 6 David Woodhouse 2005-08-17 13:03:36 UTC
Why was this reassigned to the kernel? It's userspace which is violating the
Fedora policies about working (properly) with the upstream and older kernels as
much as possible.

We shouldn't be generating these audit messages in the default case -- they
should be generated only when the system is explicitly configured to do so.

This bug should probably be cloned and assigned to pam, sshd, crond, etc. Or
possibly fixed in audit-libs. 

Comment 7 Steve Grubb 2005-08-17 14:04:49 UTC
This bug was assigned to the kernel since the kernel is missing the above patch.
But after further review, the reporter is using a custom kernel. I really can't
solve that problem. 

The design of the system depends on the kernel making the decision about how to
disposition the audit event. Upstream should have all the audit patches soon.

The bug reporter found a workaround; booting with audit=0 might also help.
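
The check quoted in comment 5, together with the behaviour reported in this thread (records on the console with no daemon, gone once the daemon runs), as a small user-space model. This is an added example, not kernel source and not code from anyone in the thread; `struct audit_model`, `dispose_user_msg` and the `has_check` flag are hypothetical names, and the fallback to the console when no daemon is registered is a modelling assumption based on the report.

```c
#include <stdio.h>

/* Message type values from <linux/audit.h>. */
#define AUDIT_USER            1005
#define AUDIT_FIRST_USER_MSG  1100
#define AUDIT_USER_AVC        1107
#define AUDIT_LAST_USER_MSG   1199

enum disposition { NOT_USER_MSG, DROPPED, TO_DAEMON, TO_CONSOLE };

/* Hypothetical model state; these are not the kernel's own structures. */
struct audit_model {
    int audit_enabled;  /* 0 until auditing is switched on */
    int daemon_pid;     /* 0 when no audit daemon has registered */
    int has_check;      /* 1 if the check quoted in comment 5 is present */
};

/* Decide what happens to one audit message sent from user space. */
enum disposition dispose_user_msg(const struct audit_model *m, int msg_type)
{
    int is_user = msg_type == AUDIT_USER ||
                  (msg_type >= AUDIT_FIRST_USER_MSG &&
                   msg_type <= AUDIT_LAST_USER_MSG);
    if (!is_user)
        return NOT_USER_MSG;
    /* The quoted check: auditing off, and not a userspace AVC message. */
    if (m->has_check && !m->audit_enabled && msg_type != AUDIT_USER_AVC)
        return DROPPED;
    /* Assumption: with no daemon to receive it, the kernel prints the
     * record itself, which is how it ends up on the console. */
    return m->daemon_pid ? TO_DAEMON : TO_CONSOLE;
}

int main(void)
{
    static const char *names[] = { "not-user", "dropped", "daemon", "console" };
    struct audit_model cases[] = {
        { 0, 0, 0 },    /* as reported: libs only, check missing */
        { 0, 1234, 0 }, /* workaround: daemon running (constructed pid) */
        { 0, 0, 1 },    /* kernel with the check, no daemon */
    };
    int pam_msg = AUDIT_FIRST_USER_MSG; /* constructed sample type */
    for (int i = 0; i < 3; i++)
        printf("case %d: PAM=%s AVC=%s\n", i,
               names[dispose_user_msg(&cases[i], pam_msg)],
               names[dispose_user_msg(&cases[i], AUDIT_USER_AVC)]);
    return 0;
}
```

Note that the check exempts `AUDIT_USER_AVC`, so in this model userspace AVC records are still emitted when auditing is disabled.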