Bug 428860 - aureport uses standard input when run from cron
Summary: aureport uses standard input when run from cron
Alias: None
Product: Fedora
Classification: Fedora
Component: audit
Version: 8
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Steve Grubb
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 433282 436301
TreeView+ depends on / blocked
Reported: 2008-01-15 18:42 UTC by Bruce Orchard
Modified: 2008-03-07 18:00 UTC (History)
0 users

Fixed In Version: 1.6.8-2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-03-07 18:00:09 UTC
Type: ---

Attachments (Terms of Use)

Description Bruce Orchard 2008-01-15 18:42:03 UTC
Description of problem:

When aureport is run from a file in /etc/cron.hourly or /etc/cron.daily, it uses
standard input for input rather than /var/log/audit/audit.log.  It finds no log
records on standard input.

Version-Release number of selected component (if applicable):

How reproducible:
every time

Steps to Reproduce:
1.Create a file in /etc/cron.daily or /etc/cron.hourly to run aureport
2.Wait for cron to run the file
Actual results:
No data is seen by aureport

Expected results:
aureport processes the data in /var/log/audit/audit.log

Additional info:

The following check is done in aureport.c:

        if (input_is_pipe())
                rc = process_stdin();
        else if (user_file)
                rc = process_file(user_file);
                rc = process_logs(&config);

When a job is run by cron, standard input is set to a pipe so the pipe is used
ranther than the files, even if the -if option is given on the aureport command.

Comment 1 Steve Grubb 2008-01-28 23:04:08 UTC
I added --input-logs to audit-1.6.7 development code. It should be released
within a few weeks.

Comment 2 Steve Grubb 2008-01-31 23:43:47 UTC
audit-1.6.7-1 was built into rawhide and F-8 testing. The new option should
solve the problem. Thanks for reporting the bug!

Comment 3 Steve Grubb 2008-03-07 18:00:09 UTC
audit-1.6.8-2 should be available for Fedora 8. Closing this bug. Thanks for the

Note You need to log in before you can comment on or make changes to this bug.