Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 159215

Summary: shadow-utils updates for new audit system
Product: Red Hat Enterprise Linux 4 Reporter: Steve Grubb <sgrubb>
Component: shadow-utilsAssignee: Peter Vrabec <pvrabec>
Status: CLOSED ERRATA QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: high    
Version: 4.0Keywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2005-309 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-10-05 12:42:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 156322    
Attachments:
Description Flags
patch to add audit enhancements
none
patch to add audit enhancements
none
patch to add audit enhancements
none
patch to add audit enhancements none

Description Steve Grubb 2005-05-31 17:19:13 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
The shadow-utils package needs some updates for the eal4 certification. I will attach a patch that provides it.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. New functioanlity

Additional info:

Comment 2 Steve Grubb 2005-06-21 21:28:36 UTC
Created attachment 115781 [details]
patch to add audit enhancements

This patch provides the needed updates to log important events into the audit
system. This is needed for IBM's eal/CAPP certification. If you could please
review this patch and build at the first opportunity, that would be
appreciated. IBM needs all rpms that are part of the certification this week.
Thanks!

Comment 3 Steve Grubb 2005-06-21 21:32:04 UTC
You will need to add BuildRequires: audit-libs-devel >= 0.9.8

Comment 5 Steve Grubb 2005-07-06 21:01:17 UTC
Created attachment 116433 [details]
patch to add audit enhancements

IBM found some problems in the previous patch. A new one is attached that
better identifies the account or group being modified. Please apply it. Thanks.

Comment 6 Peter Vrabec 2005-07-07 11:15:09 UTC
New patch was applied.
/mnt/redhat/dist/4E-qu-candidate/shadow-utils/4.0.3-45.RHEL4

Comment 7 Steve Grubb 2005-07-15 16:55:47 UTC
Created attachment 116808 [details]
patch to add audit enhancements

IBM found a couple more records that needed fixing. This patch corrects those
problems. We need to build another candidate release. Thanks.

Comment 8 Peter Vrabec 2005-07-18 15:15:28 UTC
/mnt/redhat/dist/4E-qu-candidate/shadow-utils/4.0.3-47.RHEL4

Comment 9 Steve Grubb 2005-07-28 10:47:47 UTC
HP's testing shows another problem. chage records changes when done from the
command line, but not via the interactive session. I will correct the latest
patch  and attach.

Comment 10 Steve Grubb 2005-07-28 20:57:36 UTC
Created attachment 117245 [details]
patch to add audit enhancements

This patch adds logging for chage when it goes into interactive mode.

Comment 11 Peter Vrabec 2005-08-01 14:42:01 UTC
/mnt/redhat/dist/4E-qu-candidate/shadow-utils/4.0.3-50.RHEL4

Comment 13 Steve Grubb 2005-08-29 20:01:29 UTC
The CAPP requirements is to log any change to an account attribute. The
necessary information is: who did it (loginuid), the acct affected, the
operation being performed, and the results. The progams affected are: chage,
gpasswd, groupadd, groupdel, groupmod, useradd, userdel, & usermod.

Comment 14 Steve Grubb 2005-08-29 20:05:40 UTC
There is one change that should be made for FC4 & rawhide. The audit_help_open
function should detect some other errno's in case it is running on a custome
kernel. It should be:

+void audit_help_open(void)
+{
+#ifdef WITH_AUDIT
+	audit_fd = audit_open();
+	if (audit_fd < 0) {
+		/* You get these only when the kernel doesn't have
+		 * audit compiled in. */
+		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+                               errno == EAFNOSUPPORT)
+			return;
+		fprintf(stderr, "Cannot open audit interface - aborting.\n");
+		exit(1);
+	}
+#endif
+}

Comment 15 Red Hat Bugzilla 2005-10-05 12:42:44 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-309.html