Bug 158097 - pam audit updates for U2
pam audit updates for U2
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam (Show other bugs)
4.0
All Linux
high Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Jay Turner
: FutureFeature
Depends On:
Blocks: 113381 156322
  Show dependency treegraph
 
Reported: 2005-05-18 13:26 EDT by Steve Grubb
Modified: 2015-01-07 19:09 EST (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2005-526
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-05 07:00:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to add audit enhancements (10.72 KB, patch)
2005-05-18 13:41 EDT, Steve Grubb
no flags Details | Diff
patch to add audit enhancements (10.82 KB, patch)
2005-05-19 14:09 EDT, Steve Grubb
no flags Details | Diff
patch that adds the loginuid module (5.46 KB, patch)
2005-05-19 14:28 EDT, Steve Grubb
no flags Details | Diff
patch to add audit enhancements (11.03 KB, patch)
2005-05-19 15:18 EDT, Steve Grubb
no flags Details | Diff
patch to add audit enhancements (11.25 KB, patch)
2005-05-19 17:24 EDT, Steve Grubb
no flags Details | Diff
patch to add audit enhancements (11.45 KB, patch)
2005-05-26 16:50 EDT, Steve Grubb
no flags Details | Diff
patch to add auditd requirement (4.89 KB, patch)
2005-07-29 20:26 EDT, Steve Grubb
no flags Details | Diff

  None (edit)
Description Steve Grubb 2005-05-18 13:26:06 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3

Description of problem:
The pam subsystem needs some updates for eal4 certification.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
new functionality

Additional info:
Comment 1 Steve Grubb 2005-05-18 13:41:25 EDT
Created attachment 114523 [details]
patch to add audit enhancements
Comment 2 Tomas Mraz 2005-05-18 13:42:47 EDT
What about the pam_loginuid?
Comment 3 Steve Grubb 2005-05-19 14:09:49 EDT
Created attachment 114571 [details]
patch to add audit enhancements

New patch that handles ECONNREFUSED
Comment 4 Steve Grubb 2005-05-19 14:28:08 EDT
Created attachment 114572 [details]
patch that adds the loginuid module
Comment 5 Steve Grubb 2005-05-19 15:18:50 EDT
Created attachment 114573 [details]
patch to add audit enhancements

pam_setcred was not logging anything. Fixed.
Comment 6 Steve Grubb 2005-05-19 17:24:26 EDT
Created attachment 114594 [details]
patch to add audit enhancements

This patch adds proper support for pam_setcred.
Comment 7 Steve Grubb 2005-05-26 16:50:06 EDT
Created attachment 114883 [details]
patch to add audit enhancements

This patch adds code for credential reinit and refresh. It also includes the
audit_fd update.
Comment 11 Tomas Mraz 2005-06-16 05:10:33 EDT
Should be fixed in pam >= 0.77-66.7
Comment 12 Steve Grubb 2005-07-29 20:26:52 EDT
Created attachment 117302 [details]
patch to add auditd requirement

This patch corrects the man page and adds a new module option that causes it to
query the kernel to see if the audit daemon is running. CAPP mandates that when
so configured no logins shall occur if the audit daemon is not running. 

Please review and apply.
Comment 13 Steve Grubb 2005-07-29 20:33:19 EDT
It should be noted that the new patch affects only pam_loginuid module. This bug
was reported by IBM today.
Comment 14 Tomas Mraz 2005-08-01 03:22:49 EDT
The new patch is included in pam-0.77-66.10, pam errata updated.
Comment 16 Red Hat Bugzilla 2005-10-05 07:00:35 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-526.html

Note You need to log in before you can comment on or make changes to this bug.