Bug 208838
Summary: Not logging newrole errors as USER_ROLE_CHANGE
Product: Red Hat Enterprise Linux 5
Component: policycoreutils
Version: 5.0
Hardware: All
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Reporter: Bastien Nocera <bnocera>
Assignee: Daniel Walsh <dwalsh>
QA Contact: Ben Levenson <benl>
CC: dwalsh, pgraner, sgrubb
Fixed In Version: beta2
Doc Type: Bug Fix
Last Closed: 2006-12-23 00:58:20 UTC

Description
Bastien Nocera
2006-10-02 11:00:53 UTC
I don't agree, since you are failing on the login versus failing on the changing of the role. Steve, what do you think?

All use of authentication mechanism must be audited. The event above is correctly attributing a failed use of that facility. This does not preclude another event being generated by newrole that says USER_ROLE_CHANGE failed. As a matter of fact, I think Mike was working on a patch that does just this.

Created attachment 138894
patch fixing problems described herein

This patch adds an audit message when the password is incorrect. Please apply.

This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering. This request is not yet committed for inclusion in release.

Fixed in policycoreutils-1.32-1

With policycoreutils-1.33.1-7.el5 I'm not seeing a change:

type=USER_AUTH msg=audit(1164217171.511:362): user pid=4619 uid=0 auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct=root : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/0 res=failed)'
type=USER_ACCT msg=audit(1164217201.031:363): user pid=4622 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

Fixed in policycoreutils-1.33.5-1

A package has been built which should help the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you.
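
One way to check an audit log for the gap discussed in this report, as an added example that is not part of the original bug or of policycoreutils: it parses records in the format quoted above and lists failed newrole USER_AUTH events that have no USER_ROLE_CHANGE record from the same pid. The pid and time-window pairing rule, the function names, and the last two sample records (including the layout of the USER_ROLE_CHANGE record) are assumptions made for illustration.

```python
import re

# Record header as it appears in the log quoted in the report:
#   type=<TYPE> msg=audit(<epoch>:<serial>): <fields...>
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
# key=value pairs; a value is either "quoted" or runs up to a space , ) or '
FIELD = re.compile(r'(\w+)=("[^"]*"|[^\s,)\']+)')

def parse_record(line):
    """Parse one audit record line into a dict, or return None if it is not one."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = {"type": m.group(1), "ts": float(m.group(2)), "serial": int(m.group(3))}
    for key, value in FIELD.findall(m.group(4)):
        rec.setdefault(key, value.strip('"'))  # first occurrence of a key wins
    return rec

def unmatched_newrole_failures(lines, window=5.0):
    """Failed newrole USER_AUTH records with no USER_ROLE_CHANGE record
    from the same pid within `window` seconds (assumed pairing rule)."""
    records = [r for r in map(parse_record, lines) if r]
    role_changes = [r for r in records if r["type"] == "USER_ROLE_CHANGE"]
    missing = []
    for r in records:
        if (r["type"] == "USER_AUTH" and r.get("exe") == "/usr/bin/newrole"
                and r.get("res") == "failed"):
            paired = any(c.get("pid") == r.get("pid")
                         and abs(c["ts"] - r["ts"]) <= window
                         for c in role_changes)
            if not paired:
                missing.append(r)
    return missing

# Lines 1-2 are the records quoted in the report. Lines 3-4 are constructed
# for this example (pid 4700): a failed auth followed by a role-change record.
SAMPLE = """\
type=USER_AUTH msg=audit(1164217171.511:362): user pid=4619 uid=0 auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct=root : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/0 res=failed)'
type=USER_ACCT msg=audit(1164217201.031:363): user pid=4622 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=USER_AUTH msg=audit(1164217300.100:370): user pid=4700 uid=0 auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct=root : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/0 res=failed)'
type=USER_ROLE_CHANGE msg=audit(1164217300.200:371): user pid=4700 uid=0 auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='newrole: constructed sample message: exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/0 res=failed)'
""".splitlines()

if __name__ == "__main__":
    for rec in unmatched_newrole_failures(SAMPLE):
        print("no USER_ROLE_CHANGE for failed newrole auth: serial=%d pid=%s"
              % (rec["serial"], rec["pid"]))
```
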