Bug 983711 - Include audit package included in distribution
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: distribution
Version: unspecified
Hardware: All Linux
Priority: high
Severity: medium
Assigned To: Anthony Towns
QA Contact: Rejy M Cyriac
Reported: 2013-07-11 14:27 EDT by Bob Buckley
Modified: 2014-07-11 02:40 EDT
Doc Type: Bug Fix
Last Closed: 2013-09-23 18:32:15 EDT
Type: Bug
Description Bob Buckley 2013-07-11 14:27:49 EDT
Description of problem: audit_libs are included in distribution but not audit package itself and it is required by customer for security policy.  Customer does not want to be left to select version to load since it could affect support stature.

Version-Release number of selected component (if applicable): Noted on 2.0 but also missing from 2.1


How reproducible: N/A


Steps to Reproduce: N/A
Comment 2 Anthony Towns 2013-08-05 22:31:20 EDT
audit should be included as of RHS-2.1-20130805.n.0
Comment 3 Rejy M Cyriac 2013-08-07 04:17:29 EDT
Verified.

'audit' packages are available, 'auditd' is set to run at boot, 'auditd' is running on system, and log file exists.

----------------------------------------------------------------

# cat /etc/redhat-storage-release 
Red Hat Storage Server 2.1

# rpm -qa | grep audit
audit-2.2-2.el6.x86_64
audit-libs-2.2-2.el6.x86_64
audit-libs-python-2.2-2.el6.x86_64

# service auditd status
auditd (pid  8753) is running...

# chkconfig --list auditd
auditd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off

# ps aux | grep audit |  grep -v grep
root      1248  0.0  0.0      0     0 ?        S    05:19   0:00 [kauditd]
root      1532  0.0  0.0  27656   888 ?        S<sl 05:20   0:00 auditd

# ls -l /var/log/audit/audit.log 
-rw------- 1 root root 174127 Aug  7 08:01 /var/log/audit/audit.log

----------------------------------------------------------------

Basic functional check performed using 'auditctl' and 'ausearch' commands.

----------------------------------------------------------------

# auditctl -w /etc/shadow -p wa -k shadow_change

# auditctl -l
LIST_RULES: exit,always watch=/etc/shadow perm=wa key=shadow_change

# passwd root
....
passwd: all authentication tokens updated successfully.

# ausearch -k shadow_change
----
time->Wed Aug  7 08:07:29 2013
type=CONFIG_CHANGE msg=audit(1375843049.672:285): auid=0 ses=3 op="add rule" key="shadow_change" list=4 res=1
----
time->Wed Aug  7 08:07:47 2013
type=PATH msg=audit(1375843067.097:287): item=4 name="/etc/shadow" inode=3670993 dev=fd:00 mode=0100000 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1375843067.097:287): item=3 name="/etc/shadow" inode=3671712 dev=fd:00 mode=0100000 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1375843067.097:287): item=2 name="/etc/nshadow" inode=3670993 dev=fd:00 mode=0100000 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1375843067.097:287): item=1 name="/etc/" inode=3670017 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1375843067.097:287): item=0 name="/etc/" inode=3670017 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1375843067.097:287):  cwd="/root"
type=SYSCALL msg=audit(1375843067.097:287): arch=c000003e syscall=82 success=yes exit=0 a0=7fa4d9346aa3 a1=7fa4d9346a97 a2=7fa4e0c88ed8 a3=0 items=5 ppid=2978 pid=5175 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="passwd" exe="/usr/bin/passwd" key="shadow_change"
----
time->Wed Aug  7 08:07:47 2013
type=CONFIG_CHANGE msg=audit(1375843067.097:286): auid=0 ses=3 op="updated rules" path="/etc/shadow" key="shadow_change" list=4 res=1

# auditctl -D
No rules

# auditctl -l
No rules

----------------------------------------------------------------
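
The `ausearch -k shadow_change` output in Comment 3 contains three events, two of which are CONFIG_CHANGE records for the rule itself, so a non-empty result does not on its own show that the write to /etc/shadow was recorded. The added example below (not part of the bug report or of Red Hat's test procedure; `sample_records` and `watch_events` are hypothetical names) joins records on their shared event id and reports only SYSCALL events that carry the key and touched the watched path.

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# Constructed sample: records taken from the ausearch output in Comment 3,
# with some fields trimmed for width.
sample_records() {
cat <<'EOF'
type=CONFIG_CHANGE msg=audit(1375843049.672:285): auid=0 ses=3 op="add rule" key="shadow_change" list=4 res=1
type=PATH msg=audit(1375843067.097:287): item=4 name="/etc/shadow" inode=3670993 dev=fd:00 mode=0100000
type=PATH msg=audit(1375843067.097:287): item=2 name="/etc/nshadow" inode=3670993 dev=fd:00 mode=0100000
type=CWD msg=audit(1375843067.097:287):  cwd="/root"
type=SYSCALL msg=audit(1375843067.097:287): arch=c000003e syscall=82 success=yes exit=0 pid=5175 auid=0 uid=0 comm="passwd" exe="/usr/bin/passwd" key="shadow_change"
EOF
}

# watch_events KEY PATH
# Reads audit records on stdin and prints "SERIAL EXE SUCCESS" for every
# SYSCALL event tagged KEY whose PATH records name PATH. Records of one event
# share the same msg=audit(TIMESTAMP:SERIAL) id, so they are joined on it.
watch_events() {
    awk -v key="$1" -v path="$2" '
    # Return the value of field NAME in the current record, quotes stripped.
    function field(name,   i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) {
                v = substr($i, length(name) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    match($0, /msg=audit\([0-9.]+:[0-9]+\)/) {
        id = substr($0, RSTART + 10, RLENGTH - 11)   # TIMESTAMP:SERIAL
        type = field("type")
        if (type == "PATH" && field("name") == path) touched[id] = 1
        if (type == "SYSCALL" && field("key") == key) {
            exe[id] = field("exe"); ok[id] = field("success"); order[++n] = id
        }
    }
    END {
        for (j = 1; j <= n; j++) {
            id = order[j]
            if (id in touched) { split(id, p, ":"); print p[2], exe[id], ok[id] }
        }
    }'
}

sample_records | watch_events shadow_change /etc/shadow   # prints: 287 /usr/bin/passwd yes
```

On a live system the input would be the output of `ausearch -k shadow_change`; the `----` and `time->` separator lines are skipped because they carry no event id.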
Comment 4 Scott Haines 2013-09-23 18:32:15 EDT
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. 

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1262.html
