Description of problem: Different ordering of parameters (-m and -ts) gives different results: # TS=$(date "+%x %T") # auditctl -m "TEST" # ausearch -ts $TS -m USER ---- time->Tue May 10 15:51:49 2016 type=USER msg=audit(1462888309.211:4946): pid=18323 uid=0 auid=1000 ses=16 subj=staff_u:lspp_test_r:auditctl_t:s0-s15:c0.c1023 msg='TEST exe="/usr/sbin/auditctl" hostname=? addr=? terminal=pts/5 res=success' # ausearch -m USER -ts $TS <no matches> # ausearch -ts $TS -m USER ---- time->Tue May 10 15:51:49 2016 type=USER msg=audit(1462888309.211:4946): pid=18323 uid=0 auid=1000 ses=16 subj=staff_u:lspp_test_r:auditctl_t:s0-s15:c0.c1023 msg='TEST exe="/usr/sbin/auditctl" hostname=? addr=? terminal=pts/5 res=success' # ausearch -ts $TS ---- time->Tue May 10 15:51:49 2016 type=USER msg=audit(1462888309.211:4946): pid=18323 uid=0 auid=1000 ses=16 subj=staff_u:lspp_test_r:auditctl_t:s0-s15:c0.c1023 msg='TEST exe="/usr/sbin/auditctl" hostname=? addr=? terminal=pts/5 res=success' Version-Release number of selected component (if applicable): audit-2.5.1-1.fc23 How reproducible: 100% Steps to Reproduce: 1. TS=$(date "+%x %T") 2. auditctl -m "TEST" 3. ausearch -m USER -ts $TS 4. ausearch -ts $TS -m USER Actual results: No event in (3) and a single event in (4). Expected results: The same single event in (3) and (4). Additional info: This is a regression from 2.4.5-1.fc23.
Something is definitely wrong. Its acting like a DST bug even though it shouldn't. If the time parameter has an hour subtracted from it, it finds the event.
Amazingly the same source code works fine on RHEL 7.
This program shows a behavior difference between Fedora and RHEL. Should this be a bug on its own? Not sure if this is THE bug, but its A bug. #define _XOPEN_SOURCE #include <stdio.h> #include <time.h> #include <string.h> #include <locale.h> time_t start_time = 0; void init_time(const char *da, const char *ti) { struct tm d; strptime(da, "%x", &d); strptime(ti, "%X", &d); start_time = mktime(&d); } int main(void) { setlocale (LC_ALL, "en_US.utf8"); init_time("06/07/2016", "17:00:00"); printf("Time is: %s\n", ctime(&start_time)); return 0; }
I filed rhbz #1344014 for the mktime issue above.
Fixed in upstream commit #1255. Thsi fix will be in audit-2.5.3 when released.
audit-2.6-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-4f6589e252
audit-2.6-3.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-122f332493
audit-2.6-3.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-122f332493
audit-2.6-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4f6589e252
audit-2.6-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
audit-2.6.1-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-20e8af4a21
audit-2.6.1-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-20e8af4a21
audit-2.6.2-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-bf659f2cf3
audit-2.6.2-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-afa82d90dd
audit-2.6.2-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-afa82d90dd
audit-2.6.2-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-bf659f2cf3
audit-2.6.2-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.