Bug 1511606 - aureport AVC report header is incomplete
Summary: aureport AVC report header is incomplete
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: audit
Version: 7.5
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: rc
Assignee: Steve Grubb
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2017-11-09 16:58 UTC by Ondrej Moriš
Modified: 2018-10-30 11:29 UTC (History)

Fixed In Version: audit-2.8.4-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-30 11:28:31 UTC


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3237 None None None 2018-10-30 11:29:01 UTC

Description Ondrej Moriš 2017-11-09 16:58:10 UTC
Description of problem:

The header of the AVC report from aureport is missing the "result" column.

Version-Release number of selected component (if applicable):

audit-2.8.1-1.el7

How reproducible:

100%

Steps to Reproduce:

1. See below

Actual results:

# cat test.log
type=PROCTITLE msg=audit(1510234428.836:1358): proctitle="-bash" 
type=SYSCALL msg=audit(1510234428.836:1358): arch=c000003e syscall=59 success=no exit=-13 a0=1d001e0 a1=1cff160 a2=1d13f00 a3=7ffffa7df320 items=0 ppid=21266 pid=21285 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=8 comm="bash" exe="/usr/bin/bash" subj=user_u:user_r:user_t:s0 key=(null) 
type=AVC msg=audit(1510234428.836:1358): avc:  denied  { execute } for  pid=21285 comm="bash" name="ls" dev="vda1" ino=667 scontext=user_u:user_r:user_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file     

# aureport -a -if test.log
AVC Report
========================================================
# date time comm subj syscall class permission obj event
========================================================
1. 11/09/2017 08:33:48 bash user_u:user_r:user_t:s0 59 file execute unconfined_u:object_r:user_tmp_t:s0 denied 1358

Expected results:

AVC Report
===============================================================
# date time comm subj syscall class permission obj result event
===============================================================

Additional info:

N/A
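
A header/row consistency check for scripts that consume `aureport -a` text output, as an added example (not part of the bug report or of the audit project). The function name `parse_avc_report` is hypothetical, the sample text is taken from the report quoted above, and fields are assumed to be whitespace-separated with no embedded spaces.

```python
# Sample text taken from the report in this bug; FIXED uses the expected header.
BUGGY = """AVC Report
========================================================
# date time comm subj syscall class permission obj event
========================================================
1. 11/09/2017 08:33:48 bash user_u:user_r:user_t:s0 59 file execute unconfined_u:object_r:user_tmp_t:s0 denied 1358
"""
FIXED = BUGGY.replace("obj event", "obj result event")


def parse_avc_report(text):
    """Return (columns, rows, problems) for `aureport -a` text output.

    Assumption: fields are whitespace-separated and contain no spaces.
    Rows whose field count differs from the header are reported, not parsed,
    because zipping them would silently shift values into the wrong column.
    """
    lines = [l for l in text.splitlines() if l.strip()]
    header = next((l for l in lines if l.startswith("# ")), None)
    if header is None:
        raise ValueError("no '# ...' header line found")
    columns = header.split()[1:]          # drop the leading '#'
    rows, problems = [], []
    for line in lines[lines.index(header) + 1:]:
        if set(line) == {"="}:            # separator rule under the header
            continue
        fields = line.split()[1:]         # drop the '1.' row counter
        if len(fields) != len(columns):
            problems.append(
                f"row has {len(fields)} fields, header names {len(columns)}: {line!r}"
            )
            continue                      # refuse to guess the alignment
        rows.append(dict(zip(columns, fields)))
    return columns, rows, problems


if __name__ == "__main__":
    for label, sample in (("audit-2.8.1 header", BUGGY), ("expected header", FIXED)):
        cols, rows, problems = parse_avc_report(sample)
        print(label, "->", len(rows), "rows parsed,", len(problems), "problems")
        for p in problems:
            print("   ", p)
```

With the incomplete header, a naive `zip` of header names to fields would label `denied` as the event number and drop `1358`; the check above flags that row instead.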

Comment 2 Steve Grubb 2017-11-13 18:02:50 UTC
Fixed in upstream commit 679711a.

Comment 3 Steve Grubb 2018-06-20 14:01:19 UTC
audit-2.8.4-1.el7 was built to address this issue.

Comment 7 errata-xmlrpc 2018-10-30 11:28:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3237

