Bug 1767054
Summary: | audit rules exist as documentation not package shared data | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Steve Milner <smilner> |
Component: | audit | Assignee: | Steve Grubb <sgrubb> |
Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> |
Severity: | unspecified | Docs Contact: | Mirek Jahoda <mjahoda> |
Priority: | unspecified | ||
Version: | 8.1 | CC: | josorior, jpazdziora, miabbott, mjahoda, omoris |
Target Milestone: | rc | ||
Target Release: | 8.2 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | audit-3.0-0.14.20191104git1c2f876 | Doc Type: | Enhancement |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-28 16:46:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Steve Milner
2019-10-30 15:25:42 UTC
this would be very useful for us to document for customers how to link the appropriate files via MachineConfig, for customers that need to meet FedRAMP moderate for instance. Instead of telling them to copy entire audit rules into MachineConfig files. Upstream commit f515921 now places the audit rules in /usr/share/audit/sample-rules/ This is planned to be pulled in by the audit rebase bug 1757986. audit-3.0-0.14.20191104git1c2f876 has been built to address this issue. Successfully verified. NEW (audit-3.0-0.15.20191104git1c2f876.el8) =========================================== :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Setup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 16:33:07 ] :: [ PASS ] :: Checking for the presence of audit rpm :: [ 16:33:07 ] :: [ LOG ] :: Package versions: :: [ 16:33:07 ] :: [ LOG ] :: audit-3.0-0.15.20191104git1c2f876.el8.x86_64 :: [ 16:33:14 ] :: [ PASS ] :: Starting auditd service (Expected 0, got 0) :: [ 16:33:14 ] :: [ PASS ] :: Removing all rules (Expected 0, got 0) :: [ 16:33:14 ] :: [ LOG ] :: There are 34 rule files provided :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 7s :: Assertions: 3 good, 0 bad :: RESULT: PASS (Setup) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Rules location :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/10-base-config.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/10-no-audit.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/11-loginuid.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/12-cont-fail.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/12-ignore-error.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/20-dont-audit.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/21-no32bit.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/22-ignore-chrony.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/23-ignore-filesystems.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-nispom.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-1-create-failed.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-1-create-success.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-2-modify-failed.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-2-modify-success.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-3-access-failed.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-3-access-success.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-4-delete-failed.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-4-delete-success.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-5-perm-change-failed.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-5-perm-change-success.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-6-owner-change-failed.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42-6-owner-change-success.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-ospp-v42.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-pci-dss-v31.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/30-stig.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/31-privileged.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/32-power-abuse.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/40-local.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/41-containers.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/42-injection.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/43-module-load.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/70-einval.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/71-networking.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :: [ 16:33:14 ] :: [ PASS ] :: Checking /usr/share/audit/sample-rules/99-finalize.rules (Assert: '/usr/share/audit/sample-rules' should equal '/usr/share/audit/sample-rules') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 0s :: Assertions: 34 good, 0 bad :: RESULT: PASS (Rules location) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1812 |