Bug 159215 - shadow-utils updates for new audit system
shadow-utils updates for new audit system
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: shadow-utils (Show other bugs)
All Linux
high Severity medium
: ---
: ---
Assigned To: Peter Vrabec
David Lawrence
: FutureFeature
Depends On:
Blocks: 113381 156322
  Show dependency treegraph
Reported: 2005-05-31 13:19 EDT by Steve Grubb
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version: RHBA-2005-309
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-10-05 08:42:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch to add audit enhancements (59.84 KB, patch)
2005-06-21 17:28 EDT, Steve Grubb
no flags Details | Diff
patch to add audit enhancements (59.91 KB, patch)
2005-07-06 17:01 EDT, Steve Grubb
no flags Details | Diff
patch to add audit enhancements (61.04 KB, patch)
2005-07-15 12:55 EDT, Steve Grubb
no flags Details | Diff
patch to add audit enhancements (63.88 KB, patch)
2005-07-28 16:57 EDT, Steve Grubb
no flags Details | Diff

  None (edit)
Description Steve Grubb 2005-05-31 13:19:13 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
The shadow-utils package needs some updates for the eal4 certification. I will attach a patch that provides it.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. New functioanlity

Additional info:
Comment 2 Steve Grubb 2005-06-21 17:28:36 EDT
Created attachment 115781 [details]
patch to add audit enhancements

This patch provides the needed updates to log important events into the audit
system. This is needed for IBM's eal/CAPP certification. If you could please
review this patch and build at the first opportunity, that would be
appreciated. IBM needs all rpms that are part of the certification this week.
Comment 3 Steve Grubb 2005-06-21 17:32:04 EDT
You will need to add BuildRequires: audit-libs-devel >= 0.9.8
Comment 5 Steve Grubb 2005-07-06 17:01:17 EDT
Created attachment 116433 [details]
patch to add audit enhancements

IBM found some problems in the previous patch. A new one is attached that
better identifies the account or group being modified. Please apply it. Thanks.
Comment 6 Peter Vrabec 2005-07-07 07:15:09 EDT
New patch was applied.
Comment 7 Steve Grubb 2005-07-15 12:55:47 EDT
Created attachment 116808 [details]
patch to add audit enhancements

IBM found a couple more records that needed fixing. This patch corrects those
problems. We need to build another candidate release. Thanks.
Comment 8 Peter Vrabec 2005-07-18 11:15:28 EDT
Comment 9 Steve Grubb 2005-07-28 06:47:47 EDT
HP's testing shows another problem. chage records changes when done from the
command line, but not via the interactive session. I will correct the latest
patch  and attach.
Comment 10 Steve Grubb 2005-07-28 16:57:36 EDT
Created attachment 117245 [details]
patch to add audit enhancements

This patch adds logging for chage when it goes into interactive mode.
Comment 11 Peter Vrabec 2005-08-01 10:42:01 EDT
Comment 13 Steve Grubb 2005-08-29 16:01:29 EDT
The CAPP requirements is to log any change to an account attribute. The
necessary information is: who did it (loginuid), the acct affected, the
operation being performed, and the results. The progams affected are: chage,
gpasswd, groupadd, groupdel, groupmod, useradd, userdel, & usermod.
Comment 14 Steve Grubb 2005-08-29 16:05:40 EDT
There is one change that should be made for FC4 & rawhide. The audit_help_open
function should detect some other errno's in case it is running on a custome
kernel. It should be:

+void audit_help_open(void)
+#ifdef WITH_AUDIT
+	audit_fd = audit_open();
+	if (audit_fd < 0) {
+		/* You get these only when the kernel doesn't have
+		 * audit compiled in. */
+		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+                               errno == EAFNOSUPPORT)
+			return;
+		fprintf(stderr, "Cannot open audit interface - aborting.\n");
+		exit(1);
+	}
Comment 15 Red Hat Bugzilla 2005-10-05 08:42:44 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.